Search…
v6.1.1 (latest)
Welcome to HEAVY.AI Documentation
Overview
Overview
Release Notes
Installation and Configuration
System Requirements
Installation
Services and Utilities
Configuration Parameters
Security
Roles and Privileges
Connecting Using SAML
Implementing a Secure Binary Interface
Encrypted Credentials in Custom Applications
LDAP Integration
Distributed Configuration
Loading and Exporting Data
Supported Data Sources
Command Line
SQL
Data Definition (DDL)
Data Manipulation (DML)
Heavy Immerse
Introduction to Heavy Immerse
Admin Portal
Working with Dashboards
Measures and Dimensions
Using Parameters
Using Filters
Multilayer Charts
SQL Editor
Customization
Chart Types
Python / Data Science
Data Science Foundation
JupyterLab Installation and Configuration
Using HEAVY.AI with JupyterLab
Python User-Defined Functions (UDFs) with the Remote Backend Compiler (RBC)
Ibis
Interactive Data Exploration with Altair
Additional Examples
APIs and Interfaces
Overview
heavysql
Thrift
JDBC
ODBC
Vega
RJDBC
SQuirreL SQL
heavyai-connector
Tutorials and Demos
Loading Data
Using Heavy Immerse
Hello World
Creating a Kafka Streaming Application
Getting Started with Open Source
Try Vega
Troubleshooting and Special Topics
Vulkan Renderer
FAQ
Optimizing
Known Issues and Limitations
Logs and Monitoring
HeavyConnect
HeavyConnect Release Overview
Getting Started
Best Practices
Examples
Command Reference
Parquet Data Wrapper Reference
ODBC Data Wrapper Reference
Powered By GitBook
Encrypted Credentials in Custom Applications
HEAVY.AI can accept a set of encrypted credentials for secure authentication of a custom application. This topic provides a method for providing an encryption key to generate encrypted credentials and configuration options for enabling decryption of those encrypted credentials.

Generating an Encryption Key

Generate a 128- or 256-bit encryption key and save it to a file. You can use https://www.allkeysgenerator.com/Random/Security-Encryption-Key-Generator.aspx to generate a suitable encryption key.

Configuring the Web Server

Set the file path of the encryption key file to the encryption-key-file-path web server parameter in heavyai.conf:
[web]
encryption-key-file-path = “path/to/file”
Alternatively, you can set the path using the --encryption-key-file-path=path/to/file command-line argument.

Generating Encrypted Credentials

Generate encrypted credentials for a custom application by running the following Go program, replacing the example key and credentials strings with an actual key and actual credentials. You can also run the program in a web browser at https://play.golang.org/p/nNBsZ8dhqr0.
package main
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"fmt"
"io")
// 1. Replace example key with encryption string
var key = "v9y$B&E(H+MbQeThWmZq4t7w!z%C*F-J"
// 2. Replace strings "username", "password", "dbName"with credentials
var stringsToBeEncrypted = []string{
"username",
"password",
"dbName",
}
// 3. Run program to see encrypted credentials in console
func main() {
for i := range stringsToBeEncrypted {
encrypted, err := EncryptString(stringsToBeEncrypted[i])
if err != nil {
panic(err)
}
fmt.Printf("%s => %s\n", stringsToBeEncrypted[i],encrypted)
}
}
func EncryptString(str string) (encrypted string,err error) {
keyBytes := []byte(key)
block, err := aes.NewCipher(keyBytes)
if err != nil {
panic(err.Error())
}
aesGCM, err := cipher.NewGCM(block)
if err != nil {
panic(err.Error())
}
nonce := make([]byte, aesGCM.NonceSize())
if _, err = io.ReadFull(rand.Reader, nonce); err!= nil {
panic(err.Error())
}
strBytes := []byte(str)
cipherBytes := aesGCM.Seal(nonce, nonce, strBytes,nil)
return fmt.Sprintf("%x", cipherBytes), err
}
Previous
Implementing a Secure Binary Interface
Next
LDAP Integration
Last modified 2mo ago
Export as PDF
Copy link
Outline
Generating an Encryption Key
Configuring the Web Server
Generating Encrypted Credentials