Using SystemCredentials in the cloud

Posted 4 years ago

Has anyone had any luck using the new encrypted credential storage features of 12.1 in the cloud?

I am trying to use the new SystemCredential system introduced in 12.1, but I’d like to store these credentials persistently in the cloud. The documentation mentions that the “EncryptedFile” backend is supported in the cloud, but when I try using SystemCredential in a cloud notebook, I get an error:

SystemCredential["key"]="value"

... CreateDirectory: The operation CreateDirectory is not allowed while running in sandbox mode
... SystemCredential: Could not set the value in credential manager.

The stack trace for CreateDirectory seems to show the system trying to create a directory in /www/tomcat/home/.Mathematica/ApplicationData/Credentials/. I would assume the backing file would be automatically stored in Base/ApplicationData/Credentials for the particular cloud user executing the set call to SystemCredential.

I tried setting $SystemCredentialStore to a SystemCredentialStoreObject with “EncryptedFileLocation” set to a cloud object representing Base/ApplicationData/Credentials directly, but it did not work.

For background, I am trying to set up a recurring task in the cloud that scrapes a web page, but gets the credentials for the web page from the cloud-based credential storage so I don’t have to hard code those credentials into the definition of the task and can update them independently.

Any help would be appreciated.

I solved the issue. It looks like the default SystemCredentialStoreObject uses an EncryptedFile backend, but the EncryptedFileLocation defaults to ApplicationData/Credentials in the $BaseDirectory, not the $UserBaseDirectory. Presumably this is intentional, as normally the credentials are shared across user accounts. In the cloud, this doesn’t work, for obvious reasons.

SystemCredentialStoreObject requires a local path, not a CloudObject, so setting the following works.

$SystemCredentialStore = SystemCredentialStoreObject[
<| "Backend"->"EncryptedFileSystem",
    "Keyring"->"System", 
    "EncryptedFileLocation"->FileNameJoin[{$UserBaseDirectory,"Application","Credentials"}]
|>]

It looks like setting $DefaultSystemCredentialStore in the cloud doesn’t work; however, you can configure your cloud environment using InitializationValue to set up your credential store for you automatically by executing the following in the cloud.

InitializationValue[$SystemCredentialStore,"Local"] = SystemCredentialStoreObject[
    <| "Backend"->"EncryptedFileSystem",
        "Keyring"->"System", 
        "EncryptedFileLocation"->FileNameJoin[{$UserBaseDirectory,"Application","Credentials"}]
    |>]

This is perhaps not ideal, as $UserBaseDirectory is not resolved at initialization time. Also, it would be nice to store the initialization value in the Cloud persistence location, rather than the Local location in the cloud, but it seems that the Cloud location is not on the persistence path in the cloud itself, despite what this workflow suggests.
