Using DEW to Manage Access Credentials for Data Sources
When using DLI to submit jobs that involve reading and writing data from external sources, it is crucial to securely access these sources by properly storing their access credentials. This ensures the authentication of the data source and enables secure access by DLI. DEW is a comprehensive cloud-based encryption service that addresses data security, key security, and complex key management issues. This section describes how to use DEW to store authentication information for a data source.
For details, see Data Encryption Workshop (DEW).
Creating a Shared Secret in DEW
- Log in to the DEW management console.
- In the navigation pane on the left, choose Cloud Secret Management Service > Secrets.
- Click Create Secret. On the displayed page, configure basic secret information.
- Secret Name: Enter a secret name. In this example, the name is secretInfo.
- Secret Value: Enter the username and password for logging in to the RDS for MySQL DB instance.
- The key in the first line is MySQLUsername, and the value is the username for logging in to the DB instance.
- The key in the second line is MySQLPassword, and the value is the password for logging in to the DB instance.
Figure 1 Secret Value
- Set other parameters as required and click OK.
Using the Secret Created in DEW in a DLI Job
This part uses a Flink job as an example to describe how to use credentials created in DEW.
WITH ( 'connector' = 'jdbc', 'url? = 'jdbc:mysql://MySQLAddress:MySQLPort/flink',--flink is the MySQL database where the orders table locates. 'table-name' = 'orders', 'username' = 'MySQLUsername', -- Shared secret in DEW whose name is secretInfo and version is v1. The key MySQLUsername defines the secret value. The value is the user's sensitive information. 'password' = 'MySQLPassword', -- Shared secret in DEW whose name is secretInfo and version is v1. The key MySQLPassword defines the secret value. The value is the user's sensitive information. 'sink.buffer-flush.max-rows' = '1', 'dew.endpoint'='kms.xxxx.com', --Endpoint information for the DEW service being used 'dew.csms.secretName'='secretInfo', --Name of the DEW shared secret 'dew.csms.decrypt.fields'='username,password', --The password field value must be decrypted and replaced using DEW secret management. 'dew.csms.version'='v1' );
Related Operations
For how to use a DLI agency to obtain access credentials, see Table 1.
Type |
Instruction |
Description |
---|---|---|
Flink job |
Flink OpenSource SQL Jobs Using DEW to Manage Access Credentials |
Guideline for using DEW to manage and access credentials for Flink OpenSource SQL jobs. When writing the output data of Flink jobs to MySQL or GaussDB(DWS), set attributes such as the username and password in the connector. |
Flink Jar Jobs Using DEW to Acquire Access Credentials for Reading and Writing Data from and to OBS |
Guideline for Flink Jar jobs to acquire an AK/SK to read and write data from and to OBS. |
|
DLI provides a common interface to obtain temporary credentials for Flink job agencies set by users during job launch. The interface encapsulates the obtained temporary credentials for the job agency in the com.huaweicloud.sdk.core.auth.BasicCredentials class. Guideline for obtaining a temporary credential for a Flink job agency. |
||
Spark job |
Spark Jar Jobs Using DEW to Acquire Access Credentials for Reading and Writing Data from and to OBS |
Guideline for Spark Jar jobs to acquire an AK/SK to read and write data from and to OBS. |
Guideline for obtaining a temporary credential for a Spark Jar job agency. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot