Centralize Credential Storage

Hi,

multiple times on a daily basis I find myself in search for and managing credentials. I.e. for some clients of mine or workflows I use for my own business, I have to enter credentials over and over again.

I’d like to suggest to create a central credential storage, similar to saved sessions in Putty or bookmarks in Cyberduck

image

And add an option to select the corresponding saved sessions / bookmarks.

That way, when a new workflow is created or credentials are rotated, it must be altered only once substantially reducing maintenance time that could be spend more productively.

Adding to this, if credentials are clearly insecure (mot matching certain patterns or length) or no or an outdated encryption method is used, warnings could be displayed educating users and improving overall security too.

Best
Mike

To be honest, I think safety is very difficult. Maybe integrating a solution like 1password cli is a relatively ideal solution

Get started with 1Password CLI | 1Password Developer

I initially thought about leveraging 3rd party API/CLI as well but that might add a ton of complexity just by making the decision which to use. Either a specific or all since the approach likely must be enterprise compatible as well.

Indeed. But in general, I feel that security is too difficult to do well, and the risks of unified storage are too high.

Difficulty aside, your suggestion is definitely a good one

1 Like

Hello @mwiegand ,
KNIME Hub comes with Secrets that allow users to centrally store and manage their logins to other systems: KNIME Secrets User Guide
Secrets can be used in KNIME workflows via the Secrets Retriever node.
Would this be a solution to your problem?
Bye
Tobias

3 Likes

Hi!

I centralize all my credencials using a csv file and some nodes to recover and use them, when some password change I just update it into this file. The way I finded to overcome the problem about centralize credencials. It have been working very well.

Hi @elaisafonceca. I understand your point, but it is recomended not storing passwords in a CSV file. This store data in plain text, meaning anyone with access to the file can easily read the passwords. This makes them extremely vulnerable to theft or unauthorized access.
If you need to store passwords for a large number of users, consider using a secure database with strong encryption and access controls.
Br

1 Like

Ah ha, I didn’t know this yet. It seems that this can only be used by the business hub. The same is true for local use, It needs to be connected to the business hub to use secrets. Is my understanding correct? @tobias.koetter