Hello team!
What is the recommended strategy to secure secrets in FME Form and python scrypts.
Thanks in advance.
have a great rest of your day.
Question
What options do we have to secure secrets in FME or in python callers
For FME, always use database and web connections, never hardcode any credentials. It should be possible to use those in Python as well, going through the appropriate API, see https://docs.safe.com/fme/html/fmepython/api/fmewebservices/connection.html#
That said, using environment variables in Python will be easier as long as you trust those having access to the machine. Note that as long as you can edit and run your own workspace on a given machine, it’s trivial to dump all environment variables to the FME log, even if you don’t have console access.
+31- Influencer
If you are referring to methods used in the workspace or PythonCallers, you can set a password in the Workspace Parameters. Other users can still run the workspace in Quick Translator without the password.
+46- Influencer
A password in a parameter is not really secure as anyone with access to the workspace can read it in plain text with a parameter fetcher
+31- Influencer
A password in a parameter is not really secure as anyone with access to the workspace can read it in plain text with a parameter fetcher
Can they? This is a password protected workspace in notepad. If there is a way around for this, I don’t see the point in the password parameter.
+46- Influencer
Sorry, i misread that you were referring to a workspace password. I’ve encountered many people who think that because a password in a user parameter shows as ***** it is secure.