community Alteryx IO Alteryx.com
alteryx Community
Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Close
Free Trial

Alteryx Server Discussions

Find answers, ask questions, and share expertise about Alteryx Server.

POST (gallery/api/admin/v1/workflows/) to publish Encrypted Workflows

pankajsharmaswa
5 - Atom
‎10-15-2020 02:01 PM

Hi All....Need some guidance here. 

We are developing some automation around publishing the workflows to the Gallery. 

Our requirement is to publish only the "Encrypted" versions of the Workflows, as a security measure to limit the users to view the code (including the Author).

 

This is because our deployment pipeline adds credentials that can't be exposed after publishing to the Gallery.

 

The API gallery/api/admin/v1/workflows/ works perfectly fine for non-encrypted workflow packages (.yxzp) but not for packages that have encrypted workflows. 

 

FYI....Encryption is being done with 

AlteryxEngineCmd.exe /ENCRYPT <source file> <target file>

 

Is there a way to achieve it? The Designer option to save workflows on the gallery does have the option to encrypt the workflows. Is there anything equivalent while using the API?

 

The error returned from the API

 

{
"data": null,
"exceptionName": "UnknownException",
"innerExceptionMessage": "",
"message": "Unknown error.\nBadReadException\nRequestID: f203890eca6b4218ab07d72793bf86b9"
}

Labels:
Reply
0 Likes
2 REPLIES 2
KevinP
Alteryx Alumni (Retired)
‎10-19-2020 11:10 AM

@pankajsharmaswa I just did some testing around this and publishing encrpyted/locked workflows works as expected via the API as long as you are providing a valid yxzp file. Please note that the 'AlteryxEngineCmd.exe /encrypt' command you are referencing has been deprecated in current versions and you should use 'AlteryxEngineCmd.exe /lock' instead. Versions with this change will provide a warning/error on the command line to indicate the change.

 

Also please keep in mind that the /encrypt or /lock flag only encodes the referenced file. This command doesn't package the workflow, or any of it's associated assets as a yxzp. Since the API requires a yxzp I would highly recommend publishing this from Designer with the lock option, or using Designer's export functionality (Options>Export Workflow) with the lock option in order to ensure the workflow is properly packaged. Publishing or exporting the workflow from Designer will ensure that any additional workflow file (workflows, macros, & apps) dependencies are also encrypted. Doing this from the command line in the method you reference will require you to encrpyt/lock each file individually, and then manually package them as a yxzp before publishing via the API.

 

Please reference the following help documentation for more information:

 

Workflow Management > Export Workflow (Lock)

https://help.alteryx.com/current/designer/workflow-management#export-workflow

 

Lock your Workflow

https://help.alteryx.com/current/designer/lock-your-workflow

Reply
0 Likes
pankajsharmaswa
5 - Atom
‎03-09-2021 11:32 AM

Thanks @KevinP  for your reply to my post. In trying few suggestions that you mentioned, one thing that came out was:

 

'AlteryxEngineCmd.exe /encrypt' only encrypts workflows, apps and macros. And not the indbc connection files. This keeps the credentials vulnerable to exposure. (The package can be downloaded and unzipped to get to the indbc file, even though the yxmd file in that package can't be opened; because it is encrypted). 

 

This is only a partial solution to our problem. We wanted to encrypt every aspect of our workflows - Code, Credentials etc. 

 

I tried encrypting a sample .txt and .indbc files but the executable returns an errors complaining about the incorrect file type or missing nodes tag etc. 

 

So all in all: 

 

We know that API can publish the encrypted workflows but only encrypted workflows, apps and macros [CODE] and NOT some of the important files that need to be included in the package - e.g. indbc file. 

 

Please review our assessment here and correct us if wrong. 

 

Thanks

 

Reply
0 Likes
learn more about the python upgrade coming in may 2024
Labels