Details

    • Sub-task
    • Status: Accepted
    • Minor
    • Resolution: Unresolved
    • None
    • None
    • Documentation
    • None
    • Point
    • Not applicable

    Description

      A new function getSecret(secretname, valuename); has been added to ECL.

      It can be used to retrieve either kubernetes or vault secrets

      import Std;
      
      STRING pubKey := '-----BEGIN PUBLIC KEY-----' + '\n' +
      'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWnKkGM0l3Y6pKhxMq87hAGBL6' + '\n' +
      'FfEo2HC6XCSQuaAMLkdf7Yjn3FpvFIEO6A1ZYJy70cT8+HOFta+sSUyMn2fDc5cv' + '\n' +
      'VdX8v7XCycYXEBeZ4KsTCHHPCUoO/nxNbxhNz09T8dx/JsIH50LHipR6FTLTSCXR' + '\n' +
      'N9KVLaPXs5DdQx6PjQIDAQAB' + '\n' +
      '-----END PUBLIC KEY-----' + '\n';
      
      //--------------
      //K8S Example
      //--------------
      
      DATA k8sData := x'5C62E1843162330ED7BDAB7F37E50F892A669B54B8A466ED421F14954AA0505BA9EADAC4DA1D1FB1FD53EBDCF729D1049F893B3EE53ECCE48813A546CF58EBBB26EF5B9247002F7A8D1F90C3C372544501A126CEFC4B385BF540931FC0224D4736E4E1E4CF0C67D035063900887C240C8C4F365F0186ED0515E98B23C75E482A';
      VARSTRING k8sKey := (VARSTRING) getSecret('k8s-example', 'crypt.key');
      k8sEncModule := Std.Crypto.PKEncryptionFromBuffer('RSA', pubKey, k8sKey);
      
      output( (STRING)k8sEncModule.Decrypt(k8sData), named('k8s_message'));
      
      

      For more information:

      https://github.com/hpcc-systems/HPCC-Platform/blob/764fea81017ee517a548ad859f2bcafcd94324f7/helm/examples/secrets/README.md

      Especially where the document talks about "eclUser" category secrets.

      ECL code can only access secrets under the eclUser category. Other categories are intended for system use or use by internal ECL functions only.

      The difference between 'ecl' and 'eclUser' category secrets are that 'ecl' secrets can't be accessed directly in code. Rather they can be used by functions like HTTPCALL and SOAPCALL, but not exposed directly to code.

      Attachments

        Activity

          People

            jamesdefabia Jim DeFabia
            afishbeck Anthony Fishbeck
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: