18. Managing Credentials¶
The data sources used in this tutorial have been publicly accessible. However, RAW can access secure servers. This requires registering credentials in RAW’s Credentials Service.
Generally, then registering a credential, a name is then given to the credential; this name is then used in the query to refer to the set of credentials to use.
Credentials can be managed in the Web Admin UI, command-line client, or even using Jupyter magics. However, we recommend to register credentials in the Web Admin UI, so that secrets are never stored in a notebook.
For instance, for relational databases, the Jupyter magic
%%rdbms_register can be used. It requires the following parameters:
%%rdbms_register <credentials name> type: <database vendor: e.g. postgresql, mysql, sqlserver, oracle, teradata....> host: <host> [database: <database>] [port: <port>] [username: <username>] [password: <password>] [parameters: <parameters>] -- only for teradata databases
Suppose we registered a PostgreSQL credential with:
%%rdbms_register psql01 type: postgresql host: postgres-demo.server.host database: demo_db username: raw password: 12345
Then the PostgreSQL service can be queried with:
%%rql SELECT * FROM READ_PGSQL("psql01", "schema", "table")
psql01 refers to the credential name used in the
To list existing credentials:
Or in the case of access keys/secrets for S3 buckets on AWS: