Encrypt Password

Password handling in Datacoral

All customer data is encrypted at rest as well as in motion using customer managed KMS keys. Datacoral’s cross-account role does not have decrypt permissions on the KMS keys. This means that Datacoral cannot read any customer data. The credentials needed by the collect slices to connect to SaaS products and databases are also stored encrypted using customer managed KMS keys within your AWS account in Amazon DynamoDB.

Credentials

Data Source Credentials like database connection strings and API keys for SaaS products are stored in DynamoDB encrypted using your KMS keys.
Credentials for analytics databases like hive and redshift are also stored encrypted in DynamoDB

When adding slices, credentials can be provided in clear text and Datacoral would encrypt it for you before storing the entry into DynamoDB and decrypt when describing the slice.

However, we do recommend using pre-encrypted credentials, as it allows for you to source control configuration files to automate installations for Data Ops and share configurations without compromising security.

Encode password

Steps to encrypt your password are:

Set your installation name and password in the following variables

export installation=YOUR_INSTALLATION_NAME key=YOUR_PASSWORD;

Encrypt and encode your password

aws kms encrypt --key-id alias/datacoral-${installation} --plaintext ${key}  --output text | awk '{print $1;}'  | node -e "console.log(JSON.stringify(JSON.parse(JSON.stringify(new Buffer(fs.readFileSync(0).toString(), 'base64'))).data));"

Use the integer array to add slices

Datacoral Documentation

API Slices

Database Slices

Events Slices

Password handling in Datacoral

Credentials

Encode password