Currently there is a security limitation—passwords stored in Credential Configuration nodes cannot be securely passed to Python Script nodes, as scripts could inadvertently expose or misuse plaintext credentials. This restriction makes perfect sense from a security perspective.
However, I’d like to suggest exploring the possibility of integrating homomorphic encryption (HE) into KNIME to address this challenge.
Why Homomorphic Encryption?
Homomorphic encryption allows computations directly on encrypted data without requiring decryption, thus maintaining strict confidentiality of sensitive information throughout the workflow.
Example Use Case:
- Credentials are encrypted using homomorphic encryption methods in KNIME.
- Encrypted credentials can safely pass into Python Script nodes.
- Python scripts perform encrypted computations (like validation or checks) without ever accessing plaintext data.
- Results remain encrypted until securely decrypted elsewhere within the KNIME environment, avoiding any exposure of sensitive credentials.
Benefits:
- Enhanced security and compliance
- Allows more flexible and secure integration with Python scripts
- Maintains strict protection of sensitive credentials throughout workflows
Integrating HE libraries (e.g., TenSEAL, Microsoft SEAL) might be a suitable technical direction.
Thanks for considering this suggestion!
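The use case in the post above (encrypt in the trusted environment, compute in the script on ciphertext only, decrypt back in the trusted environment), sketched as an added example that is not part of the original post and is not KNIME code. It uses textbook Paillier, an additively homomorphic scheme, in pure Python rather than the TenSEAL or Microsoft SEAL libraries the post names, to run a blinded equality check against a candidate value. Assumptions: all function names are hypothetical, the credential strings are constructed, and the fixed primes give a toy key size.

```python
import hashlib
import math
import secrets

# Toy parameters (assumption): two Mersenne primes, ~150-bit modulus.
# A real deployment needs a modulus of at least 2048 bits.
P, Q = 2**61 - 1, 2**89 - 1

def keygen(p=P, q=Q):
    """Trusted side: returns public n and private (lambda, mu)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))

def encode(secret: str) -> int:
    """Map a credential to an integer below n (128-bit truncated SHA-256)."""
    return int.from_bytes(hashlib.sha256(secret.encode()).digest()[:16], "big")

def encrypt(n, m):
    """Paillier encryption with g = n + 1; needs only the public key."""
    r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) * pow(r, n, n * n) % (n * n)

def decrypt(n, priv, c):
    """Trusted side only: recover m from c using the private key."""
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def blinded_compare(n, c_secret, candidate: str):
    """Script side: sees only n and ciphertexts, never the credential.

    Enc(m) * Enc(-x) = Enc(m - x); raising to a random k gives Enc(k * (m - x)),
    which decrypts to 0 on a match and to a random-looking value otherwise.
    """
    c_diff = c_secret * encrypt(n, -encode(candidate) % n) % (n * n)
    k = secrets.randbelow(n - 1) + 1
    return pow(c_diff, k, n * n)

def run_demo():
    n, priv = keygen()                                   # trusted side
    c = encrypt(n, encode("s3cr3t-constructed"))         # handed to the script
    hit = decrypt(n, priv, blinded_compare(n, c, "s3cr3t-constructed"))
    miss = decrypt(n, priv, blinded_compare(n, c, "password123"))
    return hit == 0, miss == 0

if __name__ == "__main__":
    print(run_demo())
```

The script side produces only another ciphertext, so the match result is visible solely to the holder of the private key. For the same reason the script cannot use the encrypted credential to authenticate to an external service.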