Secrets
Warning
This functionality is in "Preview" mode.
To work with external data sources in YDB, federated queries are used. Federated queries utilize various access credentials for authentication in external systems. These credentials are stored in separate objects called secrets. Secrets are only available for writing and updating; their values cannot be retrieved.
Warning
The current syntax for working with secrets is temporary and will be changed in future releases of YDB.
Creating secrets
Secrets are created using an SQL query:
CREATE OBJECT `MySecretName` (TYPE SECRET) WITH value=`MySecretData`;
Access management
All rights to use the secret belong to its creator. The creator can grant another user read access to the secret through access management for secrets.
Special objects called SECRET_ACCESS are used to manage access to secrets. To grant permission to use the secret MySecretName to the user another_user, a SECRET_ACCESS object named MySecretName:another_user must be created.
CREATE OBJECT `MySecretName:another_user` (TYPE SECRET_ACCESS);
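An added example, not part of the original page: the two statements above combined into one flow, followed by an external data source that refers to the secret by name, so the password never appears in the data source definition. The CREATE EXTERNAL DATA SOURCE statement and its parameters follow YDB's external data source syntax rather than anything on this page, and the secret name, host, database and login are constructed placeholders.

```sql
-- Added example; every name and value below is a constructed placeholder.

-- 1. Run by the secret's owner: store the password of the external system.
--    The value is write-only: it can be updated later but not read back.
CREATE OBJECT `ch_reader_password` (TYPE SECRET) WITH value=`<password>`;

-- 2. Run by the owner: allow exactly one other user to use this secret.
--    The SECRET_ACCESS object is named "<secret name>:<user name>".
CREATE OBJECT `ch_reader_password:another_user` (TYPE SECRET_ACCESS);

-- 3. Run by another_user: define the external source for federated queries.
--    Only the secret's name is referenced here (assumed syntax, see lead-in).
CREATE EXTERNAL DATA SOURCE ch_reports WITH (
    SOURCE_TYPE="ClickHouse",
    LOCATION="clickhouse.example.internal:9440",
    DATABASE_NAME="reports",
    AUTH_METHOD="BASIC",
    LOGIN="reader",
    PASSWORD_SECRET_NAME="ch_reader_password",
    PROTOCOL="NATIVE",
    USE_TLS="TRUE"
);
```

Using one secret per external system and one SECRET_ACCESS object per user keeps each grant narrow and easy to audit.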