Secrets management in Knime server

Folks, I need to retrieve passwords for external systems during workflow runs, but I need to prevent workflow users from having access to them. How does Knime server support this use case?

Hi @kalimist,
It depends. This is going to be difficult if you really need the credentials in a workflow the user has control over (read and write access to the workflow jobs). While it is not possible to directly see credentials that are in a credentials flow variable, a user could still with some effort extract the credentials. It is different for a user who can only execute a workflow, though. You can give users only “execute” permissions and this means they won’t be able to look inside the workflow to see what is going on, including credentials. If you have workflow builders who need access to data sources and you do not want to share the credentials with them, then I recommend Workflow Services. You can put the data retrieval into a workflow service and make that service “execute only”. Now a workflow builder can call that service from their workflow to get the data and they do not get to see the credentials. For ease of use I recommend wrapping the Call Workflow Service node they are supposed to use into a component and sharing that on your KNIME Server. That way a workflow builder can just drag the component into their workflow to access the data. Optionally, you can also use different Configuration nodes inside the component to let the user specify parameters for data retrieval that you can then pass on to the workflow service.
I hope this helps!
Kind regards,


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.