{"type":"doc","content":[{"type":"paragraph","content":[{"text":"In","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"b4db6727-a0a6-44af-82e8-71859206309b"}},{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"a0549b70-cd10-492d-a609-8bd751640866"}}]},{"text":" ","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"a0549b70-cd10-492d-a609-8bd751640866"}}]},{"text":"CDAP, you can use secure keys to store sensitive information in a secure and encrypted manner. You might use secure keys for a passphrase, cryptographic key, access token, or any other data that needs to be stored securely.","type":"text"}]},{"type":"paragraph","content":[{"text":"You can use secure keys in the CDAP Sandbox, in-memory CDAP, and Distributed CDAP. The basic steps for creating secure keys is the same for all three versions of CDAP. The main difference is that CDAP Sandbox and in-memory CDAP use the ","type":"text"},{"text":"Sun JCEKS","type":"text","marks":[{"type":"link","attrs":{"href":"http://docs.oracle.com/javase/7/docs/technotes/guides/security/crypto/CryptoSpec.html#KeyManagement"}}]},{"text":" implementation for storing secure keys and Distributed CDAP uses ","type":"text"},{"text":"Hadoop KMS (Key Management Server)-backed","type":"text","marks":[{"type":"link","attrs":{"href":"https://hadoop.apache.org/docs/stable/hadoop-kms/index.html"}}]},{"text":" secure ","type":"text"},{"text":"storage","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"fc164c2f-1477-4188-82ed-375d21e41dff"}}]},{"text":". For more information, see ","type":"text"},{"text":"Secure Storage","type":"text","marks":[{"type":"link","attrs":{"href":"https://cdap.atlassian.net/wiki/spaces/DOCS/pages/480347053/Secure+Storage"}}]},{"text":".","type":"text"}]},{"type":"paragraph","content":[{"text":"The ","type":"text"},{"text":"secure keys framework is pluggable","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"b68d9f3d-46ba-4280-8181-463e132f4940"}}]},{"text":", and you can also ","type":"text"},{"text":"build your own secure key implementation","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"e6c12014-5d0f-4f0e-9b6c-853baba7eb20"}}]},{"text":" to store the data in encrypted storage of your choice. For example, Cloud Data Fusion, which is the managed version of CDAP on GCP, uses Cloud KMS to store secure keys.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Creating Secure Keys","type":"text"}]},{"type":"paragraph","content":[{"text":"Secure keys are stored in the namespace where you create them and are unique to that namespace. You cannot share or copy secure keys across namespaces. ","type":"text"}]},{"type":"paragraph","content":[{"text":"After you create a secure key, you can use the secure key in a pipeline or a compute profile. ","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Creating a Secure Key (CDAP Sandbox and in-memory CDAP)","type":"text"}]},{"type":"paragraph","content":[{"text":"To create a secure key, complete the following steps:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"To configure CDAP to use secure storage, edit the cdap-site.xml and cdap-security files. ","type":"text"},{"type":"hardBreak"},{"text":"For more information, see the “","type":"text"},{"text":"File-","type":"text","marks":[{"type":"link","attrs":{"href":"https://cdap.atlassian.net/wiki/spaces/DOCS/pages/480347053/Secure+Storage"}}]},{"text":"backed","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"f324beac-4795-4417-89cf-e0b57ed0033a"}},{"type":"link","attrs":{"href":"https://cdap.atlassian.net/wiki/spaces/DOCS/pages/480347053/Secure+Storage"}}]},{"text":" Secure Storage","type":"text","marks":[{"type":"link","attrs":{"href":"https://cdap.atlassian.net/wiki/spaces/DOCS/pages/480347053/Secure+Storage"}}]},{"text":"” section.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"To create a secure key, use the ","type":"text"},{"text":"Secure Storage HTTP RESTful API","type":"text","marks":[{"type":"link","attrs":{"href":"https://cdap.atlassian.net/wiki/spaces/DOCS/pages/477790661/Security+HTTP+RESTful+API?focusedCommentId=798621721#comment-798621721"}}]},{"text":". For more information, see the “Add a Secure Key” section.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"After you create the secure key, you can use it in pipelines or a compute profile. ","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Creating a Secure Key (Distributed CDAP)","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"aac7c9b7-92ac-47f1-b33c-29ddb2ed8195"}}]}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Configure CDAP to use Hadoop KMS. For more information on integration with Hadoop KMS, see to ","type":"text"},{"text":"Apache Hadoop Key Management Server (KMS)","type":"text","marks":[{"type":"link","attrs":{"href":"https://cdap.atlassian.net/wiki/spaces/DOCS/pages/480478212/Apache+Hadoop+Key+Management+Server+KMS"}}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"To configure CDAP to use secure storage, edit the cdap-site.xml and cdap-security files. ","type":"text"},{"type":"hardBreak"},{"text":"For more information, see the “","type":"text"},{"text":"Hadoop Key Management Server-backed Secure Storage Secure Storage","type":"text","marks":[{"type":"link","attrs":{"href":"https://cdap.atlassian.net/wiki/spaces/DOCS/pages/480347053/Secure+Storage"}}]},{"text":"” section.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"To create a secure key, use the ","type":"text"},{"text":"Secure Storage HTTP RESTful API","type":"text","marks":[{"type":"link","attrs":{"href":"https://cdap.atlassian.net/wiki/spaces/DOCS/pages/477790661/Security+HTTP+RESTful+API?focusedCommentId=798621721#comment-798621721"}}]},{"text":". For more information, see the “Add a Secure Key” section.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"After you create the secure key, you can use it in pipelines or a compute profile. ","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Using Secure Keys","type":"text"}]},{"type":"paragraph","content":[{"text":"You can use secure keys in plugins and compute profiles. For pipelines, you add the secure key as a macro in any plugin that requires authentication. Likewise, you can add it to a namespace compute profile or system compute profile. For example, you might create a compute profile for a Dataproc cluster and use a secure key and for the Service Account Key in the compute profile.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Example: Using a Secure Key in a Pipeline","type":"text"}]},{"type":"paragraph","content":[{"text":"You’re using CDAP and want to create a pipeline that reads from a source database. You also want to create a secure key for your database password. It’s easy to do this in CDAP. The following steps walk you through this example.","type":"text"}]},{"type":"paragraph","content":[{"text":"To add a secure key to a pipeline, complete the following steps:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In CDAP, open the HTTP interface. Click ","type":"text"},{"text":"System Admin > Configuration > Make HTTP Calls","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"},{"type":"hardBreak"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":1393,"id":"b637a8a1-2f84-43a2-89d8-749d9ddb114d","collection":"contentId-801767425","type":"file","height":695}}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Issue the following PUT command:","type":"text"},{"type":"hardBreak"},{"text":"namespaces//securekeys/","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"with a JSON-formatted body that contains the description of the key, the data (password) to be stored under the key, and a map of descriptive properties associated with the key (these can help you identify the key in the future):","type":"text"}]},{"type":"codeBlock","content":[{"text":"{\n \"description\": \"Example Secure Key\",\n \"data\": \"\",\n \"properties\": {\n \"\": \"\"\n }\n}","type":"text"}]},{"type":"paragraph","content":[{"text":"For example, the following PUT command creates a secure key called ","type":"text"},{"text":"mykey","type":"text","marks":[{"type":"code"}]},{"text":" with a password of ","type":"text"},{"text":"test123","type":"text","marks":[{"type":"code"}]},{"text":". ","type":"text"},{"type":"hardBreak"},{"text":"PUT namespaces/default/securekeys/mykey","type":"text","marks":[{"type":"code"}]}]},{"type":"paragraph","content":[{"text":"JSON body:","type":"text"},{"type":"hardBreak"},{"text":"{","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"\"description\": \"Example Secure Key\",","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"\"data\": \"test123\",","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"\"properties\": {","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"\"\": \"\"","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"}","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"}","type":"text","marks":[{"type":"code"}]}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":1431,"id":"d99031aa-062b-4983-8faa-a611540b4439","collection":"contentId-801767425","type":"file","height":695}}]},{"type":"paragraph","content":[{"text":"The ","type":"text"},{"text":"Status Code: 200","type":"text","marks":[{"type":"strong"}]},{"text":" means you successfully created the secure key to store the encrypted password for the database. CDAP saves the secure key in the secure store located in the ","type":"text"},{"text":"store","type":"text","marks":[{"type":"code"}]},{"text":" folder under your CDAP Sandbox installation directory.","type":"text"},{"type":"hardBreak"},{"text":"Now that you’ve created a secure key, you can add it as a macro in the ","type":"text"},{"text":"Password","type":"text","marks":[{"type":"strong"}]},{"text":" field of a Database plugin. ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the Pipeline Studio, create a pipeline with a Database Batch Source plugin.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click the Database plugin ","type":"text"},{"text":"Properties ","type":"text","marks":[{"type":"strong"}]},{"text":"button.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the ","type":"text"},{"text":"Password","type":"text","marks":[{"type":"strong"}]},{"text":" field, click the macro button and add a secure macro: The secure macro has the format ","type":"text"},{"text":"${secure()}","type":"text","marks":[{"type":"code"}]},{"text":". In this example, add ","type":"text"},{"text":"${secure(mykey)}","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":1431,"id":"0c2a4992-3c60-47ca-b764-c578db466387","collection":"contentId-801767425","type":"file","height":675}}]},{"type":"paragraph"}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Build the rest of the pipeline and run it. ","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Example: Using a Secure Key to a ","type":"text"},{"text":"Compute Profile","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"8bdf151d-5127-4195-87d2-202c0ff7fbc2"}}]},{"text":" for a Dataproc Cluster","type":"text"}]},{"type":"paragraph","content":[{"text":"You’re using CDAP and want to use Dataproc as your provisioner. You also want to create a secure key for your Service Account in your compute profile for the Dataproc cluster. ","type":"text"}]},{"type":"panel","attrs":{"panelType":"note"},"content":[{"type":"paragraph","content":[{"text":"Note: ","type":"text","marks":[{"type":"strong"}]},{"text":"When you add a secure key to a system compute profile, CDAP applies the key when you run a pipeline. The key must exist in the namespace where you are running the pipeline. If the key doesn’t exist in the namespace, the pipeline will fail.","type":"text"}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Step 1: Download and Convert the Service Account JSON to a String","type":"text"}]},{"type":"paragraph","content":[{"text":"Before you add a secure key to the compute profile, you need to download the Service Account JSON and convert it to a valid JSON string, which means it must be converted into a single-line JSON string and all quotes need to be escaped. You need the secure account information in string format to populate the ","type":"text"},{"text":"\"data\": \"\"","type":"text","marks":[{"type":"code"}]},{"text":" property when you use the HTTP PUT command to create the key. ","type":"text"}]},{"type":"paragraph","content":[{"text":"To download and convert the Service Account JSON to a string, complete the following steps:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the Cloud Console, go to the ","type":"text"},{"text":"Service Accounts","type":"text","marks":[{"type":"strong"}]},{"text":" page.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Under ","type":"text"},{"text":"Select a recent project","type":"text","marks":[{"type":"strong"}]},{"text":", select the project you want to create a secure key for.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Select the service account email and under ","type":"text"},{"text":"Actions","type":"text","marks":[{"type":"strong"}]},{"text":", select ","type":"text"},{"text":"Create Key","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"To download the service account key, select JSON:","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":618,"id":"a0d1d651-a257-4f92-8c64-d0b9c5acdde0","collection":"contentId-801767425","type":"file","height":356}}]},{"type":"paragraph","content":[{"type":"hardBreak"},{"text":"The service account JSON is downloaded to your local drive. ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Convert the JSON file to a valid JSON string, which means it must be converted into a single-line JSON string and all quotes need to be escaped.","type":"text"}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Step 2: Create a Secure Key","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In CDAP, open the HTTP interface. Click ","type":"text"},{"text":"System Admin > Configuration > Make HTTP Calls","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"},{"type":"hardBreak"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":1393,"id":"b637a8a1-2f84-43a2-89d8-749d9ddb114d","collection":"contentId-801767425","type":"file","height":695}}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Issue the following PUT command:","type":"text"},{"type":"hardBreak"},{"text":"namespaces//securekeys/","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"with a JSON-formatted body that contains the description of the key, the data (Secure Account JSON that you converted to a string) to be stored under the key, and a map of descriptive properties associated with the key (these can help you identify the key in the future):","type":"text"}]},{"type":"codeBlock","content":[{"text":"{\n \"description\": \"Example Secure Key\",\n \"data\": \"\",\n \"properties\": {\n \"\": \"\"\n }\n}","type":"text"}]},{"type":"paragraph","content":[{"text":"For example, the following PUT command creates a secure key called ","type":"text"},{"text":"mykey","type":"text","marks":[{"type":"code"}]},{"text":" with the secure account data:","type":"text"},{"type":"hardBreak"},{"type":"hardBreak"},{"text":"PUT namespaces/default/securekeys/mykey","type":"text","marks":[{"type":"code"}]}]},{"type":"paragraph","content":[{"text":"JSON body:","type":"text"},{"type":"hardBreak"},{"text":"{","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"\"description\": \"Example Secure Key\",","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"\"data\": \"{ \\\"type\\\": \\\"service_account\\\", \\\"project_id\\\": \\\"XXXXXXXXXXXXXX\\\", \\\"private_key_id\\\": \\\"XXXXXXXXXXXXX\\\", \\\"private_key\\\": \\\"-----BEGIN PRIVATE KEY-----\\nXXXXXXXXXXXXXXXXXX\\n-----END PRIVATE KEY-----\\n\\\", \\\"client_email\\\": \\\"1234567889-compute@developer.gserviceaccount.com\\\", \\\"client_id\\\": \\\"265283765238456238456234524857234\\\", \\\"auth_uri\\\": \\\"https://accounts.google.com/o/oauth2/auth\\\", \\\"token_uri\\\": \\\"https://oauth2.googleapis.com/token\\\", \\\"auth_provider_x509_cert_url\\\": \\\"https://www.googleapis.com/oauth2/v1/certs\\\", \\\"client_x509_cert_url\\\": \\\"https://www.googleapis.com/robot/v1/metadata/x509/1234567889-compute%40developer.gserviceaccount.com\\\"}\",","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"\"properties\": {","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"\"\": \"\"","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"}","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"}","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":1431,"id":"75f4cc14-78f5-43b1-82c1-4d0d08e4f84a","collection":"contentId-801767425","type":"file","height":464}}]}]}]},{"type":"paragraph","content":[{"text":"The ","type":"text"},{"text":"Status Code: 200","type":"text","marks":[{"type":"strong"}]},{"text":" means you successfully created the secure key to store the encrypted service account information in the compute profile. CDAP saves the secure key in the secure store located in the ","type":"text"},{"text":"store","type":"text","marks":[{"type":"code"}]},{"text":" folder under your CDAP Sandbox installation directory.","type":"text"}]},{"type":"paragraph","content":[{"text":"Now that you’ve created a secure key, you can add it as a macro in the ","type":"text"},{"text":"Service Account","type":"text","marks":[{"type":"strong"}]},{"text":" field in a compute profile. ","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Step 3: Add the Secure Key to the Compute Profile","type":"text"}]},{"type":"paragraph","content":[{"text":"You can add the secure key to the compute profile in the following places in the CDAP: ","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Default Namespace Compute Profile","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Custom Namespace Compute Profile","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"System Compute Profile","type":"text"}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Adding a Secure Key to the Default Namespace or Custom Namespace Compute Profile","type":"text"}]},{"type":"paragraph","content":[{"text":"To add a secure key in the default namespace or custom namespace compute profile, complete the following steps:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the Pipeline Studio, click the hamburger menu and select the down arrow next to default namespace:","type":"text"},{"type":"hardBreak"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":262,"id":"b43b0354-05fe-44a7-bba0-e043559feff9","collection":"contentId-801767425","type":"file","height":409}}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"To edit the default namespace, click the default area:","type":"text"},{"type":"hardBreak"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":258,"id":"734a2a05-d2db-4153-976a-61051c6488e8","collection":"contentId-801767425","type":"file","height":414}}]},{"type":"paragraph","content":[{"text":"To edit a custom namespace, click in the custom namespace area. For example, if you have a namespace called “test”, click in the test namespace area.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the Namespace configuration page, under Compute Profiles, click ","type":"text"},{"text":"Create New","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"},{"type":"hardBreak"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":1432,"id":"94351311-62c1-48eb-9e31-484d89e17dd2","collection":"contentId-801767425","type":"file","height":679}}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"To add a ","type":"text"},{"text":"secure key to a new Dataproc cluster, select ","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"1476d441-6d84-4464-a767-aed181ad0a13"}}]},{"text":"Dataproc","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"1476d441-6d84-4464-a767-aed181ad0a13"}},{"type":"strong"}]},{"text":":","type":"text"},{"type":"hardBreak"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":1431,"id":"64b32936-f1a7-4d1c-9615-03d156c3506b","collection":"contentId-801767425","type":"file","height":644}}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"On the ","type":"text"},{"text":"Create a profile for Dataproc","type":"text","marks":[{"type":"strong"}]},{"text":" page, go to the ","type":"text"},{"text":"Secure Account Key","type":"text","marks":[{"type":"strong"}]},{"text":" field and click the ","type":"text"},{"text":"shield ","type":"text","marks":[{"type":"strong"}]},{"text":"icon:","type":"text"},{"type":"hardBreak"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":1432,"id":"47b0da6b-a5f4-4c3b-8924-6e04cdcb0337","collection":"contentId-801767425","type":"file","height":591}}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Select the secure key. In this example, it’s mykey:","type":"text"},{"type":"hardBreak"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":1432,"id":"ec339e0f-31bf-4230-a8ad-391bddb5a2e3","collection":"contentId-801767425","type":"file","height":591}}]},{"type":"paragraph","content":[{"text":"CDAP adds the secure key as a macro: ","type":"text"},{"text":"${secure(mykey)}","type":"text","marks":[{"type":"code"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"To save the secure key in the compute profile, click ","type":"text"},{"text":"Create","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Adding a Secure Key to the System Compute Profile","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"af194faa-1425-4d02-a9e3-cb113b06ccba"}}]}]},{"type":"paragraph","content":[{"text":"When you add a secure key to the system compute profile, CDAP applies the key when you run a pipeline. The key must exist in the namespace where you are running the pipeline. If the key doesn’t exist in the namespace, the pipeline will fail.","type":"text"}]},{"type":"paragraph","content":[{"text":"To add a secure key in the System Admin Compute Profile, complete the following steps:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"System Admin > Configuration > System Compute Profiles","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Create New Profile","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"},{"type":"hardBreak"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":1431,"id":"65c18ad1-102a-4b36-bd95-faebac5edb79","collection":"contentId-801767425","type":"file","height":520}}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"To add a secure key to a new","type":"text"},{"text":" Dataproc cluster, select ","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"91dec267-0c06-48a1-aaa6-59190f0a7bc4"}}]},{"text":"Dataproc","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"91dec267-0c06-48a1-aaa6-59190f0a7bc4"}},{"type":"strong"}]},{"text":":","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"91dec267-0c06-48a1-aaa6-59190f0a7bc4"}}]},{"type":"hardBreak"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":1431,"id":"64b32936-f1a7-4d1c-9615-03d156c3506b","collection":"contentId-801767425","type":"file","height":644}}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"To add the secure key, in the Service Account Key field, click the shield icon and click ","type":"text"},{"text":"Specify a different secure key.","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the box that appears, type the name of the key. In this example, type ","type":"text"},{"text":"mykey","type":"text","marks":[{"type":"code"}]},{"text":" and click ","type":"text"},{"text":"Enter","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"},{"type":"hardBreak"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":963,"id":"6329eca3-5b2a-4a75-9fa0-18bf5b78fb52","collection":"contentId-801767425","type":"file","height":403}}]},{"type":"paragraph","content":[{"text":"CDAP adds the secure key as a macro: ","type":"text"},{"text":"${secure(mykey)}","type":"text","marks":[{"type":"code"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"To save the secure key in the compute profile, click ","type":"text"},{"text":"Create","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"},{"type":"hardBreak"}]}]}]}],"version":1}

Browser not supported