1. Manage Security

Work with Secrets

StreamNative Cloud Secrets allow you to store and manage sensitive data such as passwords, tokens, and private keys. A Secret may contain numerous keys. You can create Secrets and refer to them for computing purposes (such as Pulsar connectors and Pulsar Functions).

Create Secrets

Note

The per-secret size is up to 1 Mebibyte (MiB).

To create a Secret using the StreamNative Cloud Console, follow these steps.

  1. On the left navigation pane, in the Admin area, click Secrets.

  2. Click Create Secret.

    screenshot of creating secrets

  3. Configure the Secret.

    • Name: enter the Secret name. The Secret name is unique across an organization. A secret name can contain any combination of lowercase letters (a-z), numbers (0-9), and hyphens (-).|
    • Location: select a Pulsar cluster location for the Secret.
    • Key: enter the key for the Secret. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the Secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here.
    • Value: enter the value for the Secret. Each value must consist of alphanumeric characters, '-', '_' or '.'.
  4. Click Confirm.

Use Secrets

After creating a Secret, you can use it when submitting a function or connector.

  1. Enable your function/connector to access the Secret.

    public class ExampleFunction implements Function<String, Void> {
        @Override
        public String process(String input, Context context) {
            String secretValue = context.getSecret("SECRET1"); # access secret value with the name you need; this name will be set during submission
            System.out.println(secretValue) # You should never log or print the secret value in a production environment.
        }
    }
    
  2. Submit the function/connector referring to the Secret.

    The following is an example of using the pulsar-admin CLI tool.

    ./bin/pulsar-admin functions create \
    --jar /pf-examples/pf-examples-jar-with-dependencies.jar \
    --classname io.streamnative.function.SecretFunction \
    --inputs public/default/secret-test \
    --output public/default/test-output \
    --name SecretTest \
    --secrets '{"SECRET1": {"path": "lambda-sink-secret", "key": "awsAccessKey"}}'
    

Note

  • The SECRET1 in the --secrets parameter is the name you used in your function or connector code to access the Secret value.
  • The path in the --secrets parameter is the Secret name you created.
  • The key in the --secrets parameter is the key you used in the Secret.

Delete Secrets

To delete a Secret, follow these steps.

  1. On the left navigation pane, in the Admin area, click Secrets.

  2. Click Delete Secret. A dialog box displays, asking Are you sure you want to delete?

  3. Enter the Secret name and then click Delete Secret.

Previous
Concepts