Managing Secrets for DataHub CLI Ingestion via Environment Variables and External Tools

user-2 · January 6, 2025, 12:01am

<@U06TM7M40RK> Hi! Im attempting to add an ingestion via CLI, but I am struggling to refer to the secret that I defined through UI. How come?

user-3 · January 6, 2025, 12:01am

When using the DataHub CLI for ingestion, referencing secrets that were defined through the UI can be a bit tricky because the CLI does not directly access the secrets stored in the DataHub UI. Instead, you need to use environment variables or an external secret management system to handle secrets in the CLI.

Here are some steps you can follow to manage secrets when using the CLI:

Use Environment Variables: You can set environment variables in your local or session environment to store secret values. These environment variables can then be referenced in your ingestion recipe.
External Secret Management: Consider using an external secret management tool like AWS Secrets Manager or HashiCorp Vault. Retrieve these secrets in your CLI session and set them as environment variables before running your ingestion command.

Ingestion Recipe: Ensure your ingestion recipe is set up to use these environment variables. For example, if you have a secret for a MySQL username, your recipe might look like this:

source:
    type: mysql
    config:
        host_port: 'localhost:3306'
        database: my_db
        username: ${MYSQL_USERNAME}
        password: ${MYSQL_PASSWORD}
        include_tables: true
        include_views: true
        profiling:
            enabled: true
sink:
    type: datahub-rest
    config:
        server: 'http://datahub-gms:8080'

Set Environment Variables: Before running your CLI command, set the necessary environment variables in your terminal session:
```
export MYSQL_USERNAME='your-username'
export MYSQL_PASSWORD='your-password'
```

According to the <Slack Slack discussion>, using environment variables or an external secret store is recommended for handling secrets in CLI-based ingestion.

Would you like more detailed steps or have any specific questions about this process?

Sources:

<Slack Slack Discussion on Secrets>
<https://github.com/datahub-project/datahub/blob/master/docs/ui-ingestion.md|DataHub UI Ingestion Documentation> 0 button 0 button Hint: Mention @runllm in the thread for followups.

user-3 · January 6, 2025, 12:01am

Hi <@U07RYKJ49LY>, how did my answer work out for you? Need any more assistance? You can also tag <@U07FV3UHE4D> to let your fellow community members know you’re still looking for guidance.

user-2 · January 6, 2025, 12:01am

OK for now, I’m just setting the secret variables locally in shell session. However a way to access/utilize the secrets that are set in the UI would be most welcome.

datahub_team · January 6, 2025, 12:01am

Hi ! Did this interaction resolve your issue or do you still require assistance ?

Please tag @ RunLLM if you still need further assistance !

Or tag @Datahub Community Support if you require a person to take a look

Hope this helps ! ><

Topic		Replies	Views
Storing and Retrieving Secrets in DataHub for Ingestion Source ingestion	4	75	July 22, 2024
Restricting User Access to Secrets in DataHub's UI Managed Ingestion ingestion	3	28	May 20, 2024
Troubleshooting Authentication for Running Ingestion Using `datahub-ingestion-cron` ingestion	10	29	June 10, 2024
Storage of Secrets and Ingestions in DataHub UI Containers ingestion	5	62	March 4, 2024
Updating Datahub Environment in the Cloud from CLI and Managing Ingestion Issues ingestion	6	74	March 4, 2024

Managing Secrets for DataHub CLI Ingestion via Environment Variables and External Tools

Related topics