How to access `model.Secrets` in the backend?

My UI is using `model.Secrets` to manage a password.

<DesignerApi
  messages={messages}
  defaultConfig={{
    Configuration: {},
    Secrets: {
      password: { text: '', encryptionMode: 'obfuscation' }
    }
  }}
>

But how do I access the value in the Python backend? I can't find a `self.provider.tool_config` equivalent for the `model.Secrets`.

Developer

Python

SDK

Accepted answers

mkhtran

I've detailed how to use it here: https://community.alteryx.com/t5/Alteryx-IO-Discussions/Guide-Developing-Custom-Tools-for-Designer/m-p/1202171/highlight/true#M358

The gist of it is that `encryptionMode` must be `machine` or `user`, and using `obfuscation` will cause the program to hang. I currently have an open ticket with Alteryx investigating if `obfuscation` can be used, and I will update with any additional info I receive. It appears whether `obfuscation` works may depend on your operating system.

Alteryx support then suggests using `self.provider.io.decrypt_password()` to decrypt secrets. This function is marked as deprecated and will suggest switching to `self.provider.dcm.decrypt_password()` which is also marked as deprecated. Both functions do the exact same thing.

If your project requires an unsecure equivalent of `obfuscation` (e.g. the workflow will be executed on various machines or through Alteryx Server), you are better off creating your own obfuscation/deobfuscation methods and sticking to `model.Configuration`.

All comments

mkhtran

Seems that `model.Secrets` will be made available through `tool_config.Secrets` which means secrets can be accessed by

1. Get the Secrets object through `secrets = self.provider.tool_config.get("Secrets")`. Note: this means that if you have a configuration key named "Secrets" it will be overwritten.

2. The Secrets object will have the type OrderedDict[str, OrderedDict[str, str]]. The inner OrderedDict has the shape { "text": str, "encryptionMode": str, "encrypted": str }. Get a Secrets entry with `mySecret = secrets.get(secretsKey)`.

3. Decrypt the value of Secrets entry based on the encryptionMode somehow? My only guess to do this step involves the deprecated function `self.provider.dcm.decrypt_password(mySecret.get("text"))`, but this will just hang Designer indefinitely.

dmotter

Did you ever figure out how to do this? I am in the same boat right now.

mkhtran

I've detailed how to use it here: https://community.alteryx.com/t5/Alteryx-IO-Discussions/Guide-Developing-Custom-Tools-for-Designer/m-p/1202171/highlight/true#M358

mkhtran

Seems that Alteryx has closed my ticket without a response, so I assume "obfuscation" is simply no longer supported and will close this thread.

Quick Links

This months top contributors

atcodedog05 19458

Qiu 15866

binu_acs 15708

MarqueeCrew 13708

apathetichell 13703