- Manage Security
Work with Secrets
StreamNative Cloud Secrets allow you to store and manage sensitive data such as passwords, tokens, and private keys. A Secret may contain numerous keys. You can create Secrets and refer to them for computing purposes (such as Pulsar connectors and Pulsar Functions).
Create Secrets
Note
The per-secret size is up to 1 Mebibyte (MiB).
To create a Secret using the StreamNative Cloud Console, follow these steps.
On the left navigation pane, in the Admin area, click Secrets.
Click Create Secret.
Configure the Secret.
- Name: enter the Secret name. The Secret name is unique across an organization. A secret name can contain any combination of lowercase letters (a-z), numbers (0-9), and hyphens (-).|
- Location: select a Pulsar cluster location for the Secret.
- Key: enter the key for the Secret. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the Secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here.
- Value: enter the value for the Secret. Each value must consist of alphanumeric characters, '-', '_' or '.'.
Click Confirm.
Use Secrets
After creating a Secret, you can use it when submitting a function or connector.
Enable your function/connector to access the Secret.
public class ExampleFunction implements Function<String, Void> { @Override public String process(String input, Context context) { String secretValue = context.getSecret("SECRET1"); # access secret value with the name you need; this name will be set during submission System.out.println(secretValue) # You should never log or print the secret value in a production environment. } }
Submit the function/connector referring to the Secret.
The following is an example of using the
pulsar-admin
CLI tool../bin/pulsar-admin functions create \ --jar /pf-examples/pf-examples-jar-with-dependencies.jar \ --classname io.streamnative.function.SecretFunction \ --inputs public/default/secret-test \ --output public/default/test-output \ --name SecretTest \ --secrets '{"SECRET1": {"path": "lambda-sink-secret", "key": "awsAccessKey"}}'
Note
- The
SECRET1
in the--secrets
parameter is the name you used in your function or connector code to access the Secret value. - The
path
in the--secrets
parameter is the Secret name you created. - The
key
in the--secrets
parameter is the key you used in the Secret.
Delete Secrets
To delete a Secret, follow these steps.
On the left navigation pane, in the Admin area, click Secrets.
Click Delete Secret. A dialog box displays, asking Are you sure you want to delete?
Enter the Secret name and then click Delete Secret.