Alteryx Designer Desktop Discussions

Tim,

I looked at some of my files in a text editor that uses database connections around my company and mine didn't have credentials in the XML. I did some further digging and it seems like if you have a connection on the server and when adding it to your workflow you use that "Gallery" connection, it just puts the name of the connection in the XML.

If you manually configure the connection it places the Encoded password in the XML. I assume this "encoding" is probably pretty easy to reverse engineer. Doesn't look to be some sort of really sophisticated encryption.

My #1 recommendation would be to use server configuration for database connections and train users to not use local db connections for checked-in workflows.

The more complicated alternative would be to setup a pre-commit routine in GIT that would find and remove these passwords from the XML and then put them back when you run your production pipeline. So you could do something like find all XML in <password> brackets and replace with something like {PASSWORD REMOVED}. Then, assuming you are automating deployment with git, you could have it add that back to the XML before deployment.

Option 2 seems overly complicated to me, but might be helpful if you just want to wipe out those credentials because you have users that won't know any better. Using global pre-commit hook to prevent committing unwanted code | by Benoît Ripoche | Medium

Hi,

Thanks for the reply!  We are going with your Option #1.  We don't think Github (we use a product called BitBucket)  is a perfect solution but it's definitely provided a few Compliance enforced needs.  Now all of our Alteryx Community puts their code into Bitbucket when they have satisfied certain criteria.  We then migrate ultimately to Production.  We have two test envs Sandbox => UAT => Prod.  Assets go into Bitbucket from RD.  Our next desire is to automate the Prod implementation using Bitbucket and Alteryx Admin API if that is possible.

Regards,

Tim