Credentials

Data credential resources contain encrypted client credentials for accessing data sources and destinations. They authenticate Nexla to external systems and are protected by encryption and access controls.

Core Concepts

Data credentials in Nexla serve as the foundation for secure data connectivity. They store authentication information in encrypted format and can be shared across multiple data sources and destinations, providing a centralized and secure way to manage access to external systems.

Security Features

  • Encrypted Storage: All credential attributes are stored and transmitted in encrypted format
  • Access Control: Credentials are protected by Nexla's encryption library and secret management
  • Secure Transmission: Credentials are never transmitted in clear text
  • Audit Logging: All credential access and usage is logged for security monitoring

Credential Types

Nexla supports a wide range of credential types for different data systems:

  • Cloud Storage: AWS S3, Google Cloud Storage, Azure Blob Storage
  • Databases: PostgreSQL, MySQL, SQL Server, Oracle, Redshift, Snowflake
  • APIs: REST APIs, webhooks, custom authentication
  • File Systems: FTP, SFTP, Dropbox, Google Drive
  • Streaming: Kafka, Google Pub/Sub, Confluent Cloud

Credential Management

Centralized Storage

Credentials are stored centrally in the Nexla platform, allowing you to:

  • Reuse Credentials: Use the same credentials across multiple sources and destinations
  • Update Once: Modify credentials in one place to update all connected resources
  • Monitor Usage: Track which resources are using specific credentials
  • Secure Sharing: Share credentials securely within your organization

Access Control

Credential access is controlled through:

  • Ownership: Credentials belong to specific users or organizations
  • Permissions: Access rights can be granted to teams or individual users
  • Audit Trail: All credential operations are logged for compliance

API Endpoints

The Nexla API provides comprehensive endpoints for managing data credentials:

  • GET /data_credentials: List all accessible credentials
  • POST /data_credentials: Create new credentials
  • GET /data_credentials/{id}: Retrieve specific credential details
  • PUT /data_credentials/{id}: Update credential information
  • DELETE /data_credentials/{id}: Remove credentials
  • PUT /data_credentials/{id}/refresh: Refresh credential validity

Credential Operations

Creation and Updates

When creating or updating credentials, you provide:

  • name: Descriptive name for the credential
  • credentials_type: Type of system the credential authenticates
  • credentials: The actual authentication data (automatically encrypted)

Validation and Testing

Credentials can be validated and tested before use:

  • PUT /data_credentials/{id}/probe/authenticate: Test credential validity
  • GET /data_credentials/{id}/probe/list: List accessible resources
  • GET /data_credentials/{id}/probe/summary: Get connection summary
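
The create-then-probe sequence from the two sections above, as an added example that is not Nexla's own code: it builds (without sending) the documented requests and produces a log-safe view that omits secret values. The host, the bearer-token header, the `s3` type value and the keys inside `credentials` are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request

# Assumptions (not from the Nexla docs): placeholder host, bearer-token auth,
# and a constructed sample payload whose inner keys are illustrative only.
BASE_URL = "https://nexla.example.invalid"
REQUIRED = ("name", "credentials_type", "credentials")
SAMPLE = {  # constructed sample, not real keys
    "name": "s3-raw-landing-readonly",
    "credentials_type": "s3",
    "credentials": {"access_key_id": "AKIAEXAMPLEONLY", "secret_key": "constructed-not-real"},
}


def build_request(method, path, token, body=None):
    """Build (but do not send) an HTTPS request for a documented endpoint."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(BASE_URL + path, data=data, method=method)
    req.add_header("Authorization", "Bearer " + token)
    req.add_header("Content-Type", "application/json")
    return req


def create_request(token, payload):
    """POST /data_credentials with the three fields the page lists."""
    missing = [k for k in REQUIRED if not payload.get(k)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    return build_request("POST", "/data_credentials", token, payload)


def probe_requests(token, cred_id):
    """The three probe calls to run before attaching the credential."""
    base = "/data_credentials/" + urllib.parse.quote(str(cred_id), safe="") + "/probe"
    return [
        build_request("PUT", base + "/authenticate", token),
        build_request("GET", base + "/list", token),
        build_request("GET", base + "/summary", token),
    ]


def redact_for_log(req):
    """Log-safe view: no bearer token, no values from the credentials object."""
    body = json.loads(req.data) if req.data else None
    if isinstance(body, dict) and isinstance(body.get("credentials"), dict):
        body["credentials"] = {k: "<redacted>" for k in body["credentials"]}
    return {"method": req.get_method(), "url": req.full_url, "body": body}
```

Pass each built request to `urllib.request.urlopen` to send it, and write only the `redact_for_log` view to application logs.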

Best Practices

To ensure secure and effective credential management:

  1. Use Descriptive Names: Choose clear names that identify the purpose and system
  2. Regular Rotation: Periodically rotate credentials for enhanced security
  3. Principle of Least Privilege: Grant only necessary permissions
  4. Monitor Usage: Track credential access and usage patterns
  5. Secure Storage: Never store credentials in plain text or unsecured locations

Integration with Resources

Data credentials integrate seamlessly with other Nexla resources:

  • Data Sources: Credentials authenticate connections to data ingestion points
  • Data Destinations: Credentials enable writing to external systems
  • Data Flows: Credentials support end-to-end data processing pipelines
  • Teams: Credentials can be shared with team members for collaboration

Next Steps

To get started with data credentials, explore the following sections: