v7.1.1 (latest)

Encrypted Credentials in Custom Applications

HEAVY.AI can accept a set of encrypted credentials for secure authentication of a custom application. This topic describes how to generate an encryption key, how to configure the web server so that it can decrypt credentials encrypted with that key, and how to generate the encrypted credentials.

Generating an Encryption Key

Generate a 128- or 256-bit encryption key and save it to a file. You can use https://www.allkeysgenerator.com/Random/Security-Encryption-Key-Generator.aspx to generate a suitable encryption key. The key is a secret: store the file where only the account that runs the web server can read it.

Configuring the Web Server

Set the encryption-key-file-path web server parameter in heavyai.conf to the path of the encryption key file:
encryption-key-file-path = "path/to/file"
Alternatively, you can set the path using the --encryption-key-file-path=path/to/file command-line argument.

Generating Encrypted Credentials

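Generate encrypted credentials for a custom application by running the following Go program, replacing the example key and credentials strings with an actual key and actual credentials. You can also run the program in a web browser at https://play.golang.org/p/nNBsZ8dhqr0. The Go Playground sends the program text to a remote server to compile and run it, so use a local Go installation when the program contains a real key and real credentials.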
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// 1. Replace example key with encryption string
var key = "v9y$B&E(H+MbQeThWmZq4t7w!z%C*F-J"

// 2. Replace strings "username", "password", "dbName" with credentials
var stringsToBeEncrypted = []string{"username", "password", "dbName"}

// 3. Run program to see encrypted credentials in console
func main() {
	for i := range stringsToBeEncrypted {
		encrypted, err := EncryptString(stringsToBeEncrypted[i])
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s => %s\n", stringsToBeEncrypted[i], encrypted)
	}
}

// EncryptString returns the hex encoding of nonce || AES-GCM ciphertext and tag for str.
func EncryptString(str string) (encrypted string, err error) {
	keyBytes := []byte(key)
	block, err := aes.NewCipher(keyBytes)
	if err != nil {
		return "", err
	}
	aesGCM, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aesGCM.NonceSize())
	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	strBytes := []byte(str)
	cipherBytes := aesGCM.Seal(nonce, nonce, strBytes, nil)
	return fmt.Sprintf("%x", cipherBytes), err
}
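
To confirm that a generated value decrypts under the key you saved to the key file, the following added example (not part of the original page or of HEAVY.AI's code) reverses EncryptString: the hex string decodes to the GCM nonce followed by the ciphertext and authentication tag. Encrypt and Decrypt are hypothetical helper names, and the example assumes the key is used as the raw bytes of the key string, as in the program above, so a 256-bit key is exactly 32 characters.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

func newGCM(key string) (cipher.AEAD, error) {
	block, err := aes.NewCipher([]byte(key)) // key length must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt mirrors the page's EncryptString: hex(nonce || ciphertext || tag).
func Encrypt(key, plain string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return hex.EncodeToString(gcm.Seal(nonce, nonce, []byte(plain), nil)), nil
}

// Decrypt (hypothetical helper) reverses Encrypt; a wrong key or altered value is an error.
func Decrypt(key, encHex string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	raw, err := hex.DecodeString(encHex)
	if err != nil || len(raw) < gcm.NonceSize()+gcm.Overhead() {
		return "", fmt.Errorf("value is not hex(nonce || ciphertext || tag)")
	}
	plain, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	return string(plain), err
}

func main() {
	key := "v9y$B&E(H+MbQeThWmZq4t7w!z%C*F-J" // example key from the page
	enc, _ := Encrypt(key, "username")
	fmt.Println(Decrypt(key, enc))
}
```

Because GCM authenticates the value, a wrong key or a single altered hex digit makes Decrypt return an error instead of garbled text.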