Securely Passing Credentials

Including secret credentials in your Python code or as environment variables is risky!

Instead, Qwak offers the Secret Service for securely storing credentials for usage throughout your code.

Storing Credentials

To store credentials, first configure the Qwak CLI took and set new credentials in the Secret Service:

qwak secrets set --name aws-api-key value=the_value_of_the_key
qwak secrets set --name aws-api-secret value=the_value_of_the_secret

Retrieving Credentials in the Feature Store

Using the feature store requires access to your database. You'll have to provide credentials to the data ingestion code for it to work.

Store the credentials in the Secret Service using the commands listed above.
Use the secret names in your data source definition.

For example, in the case of Snowflake, we need to pass username_secret_name and password_secret_name parameters:

from qwak.feature_store.data_sources import SnowflakeSource

# The secret name stored in the Secret Service
QWAK_SECRET_SNOWFLAKE_USER = '<qwak_secret_snowflake_user>'
QWAK_SECRET_SNOWFLAKE_PASSWORD = '<qwak_secret_snowflake_password>'

# Snowflake table details
DATABASE='<snowflake_db_name>'
SCHEMA='<snowflake_schema_name>'
WAREHOUSE='snowflake_data_warehouse_name'
HOST='<SnowflakeAddress/DNS:port>'

snowflake_source = SnowflakeSource(
    name='my-snowflake-datasource',
    description='An example snowflake data source',
    date_created_column='DATE_COLUMN',
    username_secret_name=QWAK_SECRET_SNOWFLAKE_USER, 
    password_secret_name=QWAK_SECRET_SNOWFLAKE_PASSWORD,
    host=HOST,
    database=DATABASE,
    schema=SCHEMA,
    warehouse=WAREHOUSE
)

Updated 6 months ago