Question
How should I best utilize the secrets object in a cloud function?
Environment
Cloud function connectors
Answer
- Ensure you do not hard-code authentication details into the function code.
- Ensure your function can use the contents of the
secretsobject to authenticate with the source API.
Example pseudo-code for this scenario:
let post = https.request({
method: 'POST',
hostname: 'url.com'
headers: {
'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
'Content-Length': 'grant_type=client_credentials'.length,
'Authorization': 'Basic ' + Buffer.from(`${req.body.secrets.value}`, 'utf8').toString('base64')
}
Context
The secrets object is what Fivetran provides on initial invocation of your function to ensure that authentication details for the source API are not hard-coded into the code of the function.
For example:
- On the invocation of a function, the
secretsobject will be passed as a string populated with the credentials entered into the Fivetran setup form as part of a larger object: - {"secrets":{"apiAuthenticationParameter": "parameterValue"},"state": {},"agent": "fivetran/fivetran/function"}
- Parse out the value of the
secretsobject and use the parameter(s) to authenticate your request to the source API
Considerations
Whilst you do not have to utilize the secrets object, Fivetran does make the field mandatory within the connector setup form. Therefore, you can choose to just add an empty JSON object: