In this tutorial we will see how to ensure the sensitive data of a component configuration is correctly handled.
The component configuration
It is very common to define credentials in a component configuration. Most known use cases will be:
-
Passwords,
-
Secrets,
-
Potentially keys (it is also common to show them in plain text in a textarea),
-
Tokens
To illustrate that we will use a REST client configuration which takes a username, password and token to connect to the REST API:
@Data // or getters/setters if you don't use lombok
@GridLayout({
@GridLayout.Row({ "username", "password" }),
@GridLayout.Row("token")
})
public class RestApiConfiguration implements Serializable {
@Option
private String username;
@Option
private String password;
@Option
private String token;
}This simple configuration defines three String without any specific widget
so they will be represented as plain inputs.
There are two major consequences you probably want to avoid:
-
The password and token will be clearly readable in all Talend user interfaces (Studio or Web),
-
The password and token will be potentially stored in clear.
Mark sensitive data
To solve that, Talend Component Kit provides you @Credential marker you can use
on any @Option. This marker will have two effects:
-
Replace the default input widget by a password oriented one (See widgets gallery for screenshots),
-
Request the Studio or the Talend Cloud products to store the data as sensitive data (as encrypted values).
To ensure our password and token are never stored in clear or shown in the code
we migrate our previous model to the following one:
@Data // or getters/setters if you don't use lombok
@GridLayout({
@GridLayout.Row({ "username", "password" }),
@GridLayout.Row("token")
})
public class RestApiConfiguration implements Serializable {
@Option
private String username;
@Option
@Credential
private String password;
@Option
@Credential
private String token;
}And that it is! Now your password and token will not be accessible by error anymore :).