community Alteryx IO Mission Control
alteryx Community

Alteryx IO Discussions

Customize and extend the power of Alteryx with SDKs, APIs, custom tools, and more.
SOLVED

How to access `model.Secrets` in the backend?

mkhtran
9 - Comet
‎09-18-2023 11:42 AM

My UI is using `model.Secrets` to manage a password.

 

 

<DesignerApi
  messages={messages}
  defaultConfig={{
    Configuration: {},
    Secrets: {
      password: { text: '', encryptionMode: 'obfuscation' }
    }
  }}
>

 

 

But how do I access the value in the Python backend? I can't find a `self.provider.tool_config` equivalent for the `model.Secrets`.

Labels:
Reply

Accepted SolutionSolved! Go to Solution.

5 REPLIES 5
mkhtran
9 - Comet
‎09-18-2023 12:55 PM

Seems that `model.Secrets` will be made available through `tool_config.Secrets` which means secrets can be accessed by

 

1. Get the Secrets object through `secrets = self.provider.tool_config.get("Secrets")`. Note: this means that if you have a configuration key named "Secrets" it will be overwritten.

2. The Secrets object will have the type OrderedDict[str, OrderedDict[str, str]]. The inner OrderedDict has the shape { "text": str, "encryptionMode": str, "encrypted": str }. Get a Secrets entry with `mySecret = secrets.get(secretsKey)`.

3. Decrypt the value of Secrets entry based on the encryptionMode somehow? My only guess to do this step involves the deprecated function `self.provider.dcm.decrypt_password(mySecret.get("text"))`, but this will just hang Designer indefinitely.

Reply
dmotter
5 - Atom
‎11-12-2023 05:59 PM

Did you ever figure out how to do this? I am in the same boat right now.

Reply
0 Likes
mkhtran
9 - Comet
‎11-13-2023 09:56 AM

I've detailed how to use it here: https://community.alteryx.com/t5/Alteryx-IO-Discussions/Guide-Developing-Custom-Tools-for-Designer/m...

 

The gist of it is that `encryptionMode` must be `machine` or `user`, and using `obfuscation` will cause the program to hang. I currently have an open ticket with Alteryx investigating if `obfuscation` can be used, and I will update with any additional info I receive. It appears whether `obfuscation` works may depend on your operating system.

 

Alteryx support then suggests using `self.provider.io.decrypt_password()` to decrypt secrets. This function is marked as deprecated and will suggest switching to `self.provider.dcm.decrypt_password()` which is also marked as deprecated. Both functions do the exact same thing.

 

If your project requires an unsecure equivalent of `obfuscation` (e.g. the workflow will be executed on various machines or through Alteryx Server), you are better off creating your own obfuscation/deobfuscation methods and sticking to `model.Configuration`.

Reply
dmotter
5 - Atom
‎11-13-2023 11:14 AM

Thank you for the quick reply and the useful information!

Reply
0 Likes
mkhtran
9 - Comet
‎11-21-2023 09:56 AM

Seems that Alteryx has closed my ticket without a response, so I assume "obfuscation" is simply no longer supported and will close this thread.

Reply
0 Likes