Group Abstract Group Abstract

Message Boards Message Boards

1
|
4.8K Views
|
1 Reply
|
2 Total Likes
View groups...
Share
Share this post:

Using SystemCredentials in the cloud

Nicholas Engelking, CIBC
Posted 5 years ago

Has anyone had any luck using the new encrypted credential storage features of 12.1 in the cloud?

I am trying to use the new SystemCredential system introduced in 12.1, but I’d like to store these credentials persistently in the cloud. The documentation mentions that the “EncryptedFile” backed is supported in the cloud, but when I try using SystemCredential in a cloud notebook, I get an error:

SystemCredential["key"]="value"

... CreateDirectory: The operation CreateDirectory is not allowed while running in sandbox mode
... SystemCredential: Could not set the value in credential manager.

The stack trace for CreateDirectory seems to show the system trying to creat a directory in /www/tomcat/home/.Mathematica/ApplicationData/Credentials/ I would assume the backing file would be automatically stored in Base/ApplicationData/Credentials for the particular cloud user executing the set call to SystemCredential.

I tried setting $SytemCredentialStore to a SystemCredentialStoreObject with “EncryptedFileLocation” set to a cloud object representing Base/ApplicationData/Credentials directly but it did not work.

For background, I am trying to set up a recurring task in the cloud that scrapes a web page, but gets the credentials for the web page from the cloud-based credential storage so I don’t have to hard code those credentials into the definition of the task and can update them independently.

Any help would be appreciated.
POSTED BY: Nicholas Engelking
1 Reply
Sort By:

I solved the issue. It looks like the default SystemCredentialStoreObject uses an EcryptedFile backend but the EncryptedFileLocation defaults to ApplicationData/Credentials in the \ $BaseDirectory, not the \$UserBaseDirectory. Presumably this is intentional as normally the credentials are shared across user accounts. In the cloud, this doesn’t work, for obvious reasons.

SystemCredentialStoreObject requires a local path, not a CloudObject, so setting the following works.

$SystemCredentialStore = SystemCredentialStoreObject[
<| "Backend"->"EncryptedFileSystem",
    "Keyring"->"System", 
    "EncryptedFileLocation"->FileNameJoin[{$UserBaseDirectory,"Application","Credentials"}]
|>]

It looks like setting $DefaultSystemCredentialStore in the cloud doesn’t work, however you can configure your cloud environment using InitializationValue to set up your credential store for you automatically by executing the following in the cloud.

InitializationValue[$SystemCredentialStore,"Local"] = SystemCredentialStoreObject[
    <| "Backend"->"EncryptedFileSystem",
        "Keyring"->"System", 
        "EncryptedFileLocation"->FileNameJoin[{$UserBaseDirectory,"Application","Credentials"}]
    |>]

This is not perhaps ideal, as it $UserBaseDirectory is not resolved at Initialization time. Also, it would be nice to store the initialization value in the Cloud persistence location, rather than the Local location in the cloud, but it seems that the Cloud location is not on the persistence path in the cloud itself,despite what this workflow suggests.
POSTED BY: Nicholas Engelking
Reply to this discussion
Community posts can be styled and formatted using the Markdown syntax.
Tag limit exceeded
Note: Only the first five people you tag will receive an email notification; the other tagged names will appear as links to their profiles.
Reply Preview
Attachments
Remove
or Discard