Secrets

Warning

This functionality is in "Preview" mode.

Federated queries are used to work with external data sources in YDB. They authenticate to external systems with access credentials, which are stored in separate objects called secrets. Secrets are write-only: they can be created and updated, but their values cannot be retrieved.

Warning

The current syntax for working with secrets is temporary and will be changed in future releases of YDB.

Creating secrets

Secrets are created using an SQL query:

CREATE OBJECT `MySecretName` (TYPE SECRET) WITH value=`MySecretData`;

Access management

All rights to use the secret belong to its creator. The creator can grant another user read access to the secret through access management for secrets.

Special objects called SECRET_ACCESS are used to manage access to secrets. To grant permission to use the secret MySecretName to the user another_user, a SECRET_ACCESS object named MySecretName:another_user must be created.

CREATE OBJECT `MySecretName:another_user` (TYPE SECRET_ACCESS);