HEAVY.AI can accept a set of encrypted credentials for secure authentication of a custom application. This topic provides a method for providing an encryption key to generate encrypted credentials and configuration options for enabling decryption of those encrypted credentials.
Generating an Encryption Key
Generate a 128- or 256-bit encryption key and save it to a file. You can use to generate a suitable encryption key.
Configuring the Web Server
Set the file path of the encryption key file to the encryption-key-file-path web server parameter in heavyai.conf:
[web]
encryption-key-file-path = “path/to/file”
Alternatively, you can set the path using the --encryption-key-file-path=path/to/file command-line argument.
Generating Encrypted Credentials
Generate encrypted credentials for a custom application by running the following Go program, replacing the example key and credentials strings with an actual key and actual credentials. You can also run the program in a web browser at .
package main
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"fmt"
"io")
// 1. Replace example key with encryption string
var key = "v9y$B&E(H+MbQeThWmZq4t7w!z%C*F-J"
// 2. Replace strings "username", "password", "dbName"with credentials
var stringsToBeEncrypted = []string{
"username",
"password",
"dbName",
}
// 3. Run program to see encrypted credentials in console
func main() {
for i := range stringsToBeEncrypted {
encrypted, err := EncryptString(stringsToBeEncrypted[i])
if err != nil {
panic(err)
}
fmt.Printf("%s => %s\n", stringsToBeEncrypted[i],encrypted)
}
}
func EncryptString(str string) (encrypted string,err error) {
keyBytes := []byte(key)
block, err := aes.NewCipher(keyBytes)
if err != nil {
panic(err.Error())
}
aesGCM, err := cipher.NewGCM(block)
if err != nil {
panic(err.Error())
}
nonce := make([]byte, aesGCM.NonceSize())
if _, err = io.ReadFull(rand.Reader, nonce); err!= nil {
panic(err.Error())
}
strBytes := []byte(str)
cipherBytes := aesGCM.Seal(nonce, nonce, strBytes,nil)
return fmt.Sprintf("%x", cipherBytes), err
}
