Search…
v6.0.0 (latest)
Welcome to HEAVY.AI Documentation
Overview
Overview
Release Notes
Installation and Configuration
System Requirements
Installation
Services and Utilities
Configuration Parameters
Security
Roles and Privileges
Connecting Using SAML
Implementing a Secure Binary Interface
Encrypted Credentials in Custom Applications
LDAP Integration
Distributed Configuration
Loading and Exporting Data
Supported Data Sources
Command Line
SQL
Data Definition (DDL)
Data Manipulation (DML)
Heavy Immerse
Introduction to Heavy Immerse
Admin Portal
Working with Dashboards
Measures and Dimensions
Using Parameters
Using Filters
Multilayer Charts
SQL Editor
Customization
Chart Types
Data Science
Data Science Foundation
JupyterLab Installation and Configuration
Using HEAVY.AI with JupyterLab
Introduction to Ibis
Interactive Data Exploration with Altair
Additional Examples
UDF and UDTF
Remote Backend Compiler (RBC)
APIs and Interfaces
Overview
heavysql
Thrift
JDBC
ODBC
Vega
RJDBC
Python: heavyai
SQuirreL SQL
mapd-connector
Tutorials and Demos
Loading Data
Using Heavy Immerse
Hello World
Creating a Kafka Streaming Application
Getting Started with Open Source
Try Vega
Troubleshooting and Special Topics
Vulkan Renderer
FAQ
Optimizing
Known Issues and Limitations
Logs and Monitoring
HeavyConnect
HeavyConnect Release Overview
Getting Started
Best Practices
Examples
Command Reference
Parquet Data Wrapper Reference
Powered By GitBook
Encrypted Credentials in Custom Applications
HEAVY.AI can accept a set of encrypted credentials for secure authentication of a custom application. This topic provides a method for providing an encryption key to generate encrypted credentials and configuration options for enabling decryption of those encrypted credentials.

Generating an Encryption Key

Generate a 128- or 256-bit encryption key and save it to a file. You can use https://www.allkeysgenerator.com/Random/Security-Encryption-Key-Generator.aspx to generate a suitable encryption key.

Configuring the Web Server

Set the file path of the encryption key file to the encryption-key-file-path web server parameter in heavyai.conf:
1
[web]
2
encryption-key-file-path = “path/to/file”
Copied!
Alternatively, you can set the path using the --encryption-key-file-path=path/to/file command line argument.

Generating Encrypted Credentials

Generate encrypted credentials for a custom application by running the following Go program, replacing the example key and credentials strings with an actual key and actual credentials. You can also run the program in a web browser at https://play.golang.org/p/nNBsZ8dhqr0.
1
package main
2
3
import (
4
"crypto/aes"
5
"crypto/cipher"
6
"crypto/rand"
7
8
"fmt"
9
"io")
10
11
// 1. Replace example key with encryption string
12
var key = "v9y$B&E(H+MbQeThWmZq4t7w!z%C*F-J"
13
14
// 2. Replace strings "username", "password", "dbName"with credentials
15
var stringsToBeEncrypted = []string{
16
"username",
17
"password",
18
"dbName",
19
}
20
21
// 3. Run program to see encrypted credentials in console
22
func main() {
23
for i := range stringsToBeEncrypted {
24
encrypted, err := EncryptString(stringsToBeEncrypted[i])
25
if err != nil {
26
panic(err)
27
}
28
fmt.Printf("%s => %s\n", stringsToBeEncrypted[i],encrypted)
29
}
30
}
31
32
func EncryptString(str string) (encrypted string,err error) {
33
keyBytes := []byte(key)
34
35
block, err := aes.NewCipher(keyBytes)
36
if err != nil {
37
panic(err.Error())
38
}
39
aesGCM, err := cipher.NewGCM(block)
40
if err != nil {
41
panic(err.Error())
42
}
43
nonce := make([]byte, aesGCM.NonceSize())
44
if _, err = io.ReadFull(rand.Reader, nonce); err!= nil {
45
panic(err.Error())
46
}
47
strBytes := []byte(str)
48
49
cipherBytes := aesGCM.Seal(nonce, nonce, strBytes,nil)
50
51
return fmt.Sprintf("%x", cipherBytes), err
52
}
Copied!
Previous
Implementing a Secure Binary Interface
Next
LDAP Integration
Last modified 2mo ago
Export as PDF
Copy link
Contents
Generating an Encryption Key
Configuring the Web Server
Generating Encrypted Credentials