Private data storage
DataSphere provides a special tool called Vault for the secure handling of private data (such as keys and passwords). You can find the Vault on the tab.
A secret is a key-value pair with the value stored in an encrypted format. After you create the secret, you will see ***
instead of the value.
Secrets are created in a project and associated with it. You can use secrets as environment variables in a cell.
Tip
The advantage of a vault is that it stores and transmits secrets only in encrypted form. Do not output the value of a secret to the screen or assign it to a regular variable.
Scope of secrets
The scope of a secret defines where the secret will be available. Valid scope values are listed below:
- project: The secret is only available in its home project.
- folder: The secret is available to all projects in the project folder.
- cloud: The secret is available to all projects in the cloud.
You cannot modify a secret created in a different project, but you can modify a copy. A copied secret is separate from the original: you can edit and delete the copy without affecting the original.
You can't create secrets with identical names in the same project. Two secrets with identical names cannot exist in the same scope even if they were created in different projects. If secrets with identical names belonging to different scopes are visible to a project, then the secret with the narrowest
scope will be the one available for coding. A secret with folder scope overrides a secret of the same name with cloud scope, and a secret with project scope overrides secrets of the same name with folder and cloud scopes.