diff --git a/content/v2.0/query-data/flux/sql.md b/content/v2.0/query-data/flux/sql.md index b769145ff..ea2842d93 100644 --- a/content/v2.0/query-data/flux/sql.md +++ b/content/v2.0/query-data/flux/sql.md @@ -36,6 +36,7 @@ dashboards, tasks, and other operations. - [Query a SQL data source](#query-a-sql-data-source) - [Join SQL data with data in InfluxDB](#join-sql-data-with-data-in-influxdb) - [Use SQL results to populate dashboard variables](#use-sql-results-to-populate-dashboard-variables) +- [Use secrets to store SQL database credentials](#use-secrets-to-store-sql-database-credentials) - [Sample sensor data](#sample-sensor-data) If you're just getting started with Flux queries, check out the following: @@ -154,6 +155,81 @@ Use the variable to manipulate queries in your dashboards. --- +## Use secrets to store SQL database credentials +If your SQL database requires authentication, use [InfluxDB secrets](/v2.0/security/secrets/) +to store and populate connection credentials. +By default, InfluxDB base64-encodes and stores secrets in its internal key-value store, BoltDB. +For added security, [store secrets in Vault](/v2.0/security/secrets/use-vault/). + +### Store your database credentials as secrets +Use the [InfluxDB API](/v2.0/reference/api/) or the [`influx` CLI](/v2.0/reference/cli/influx/secret/) +to store your database credentials as secrets. + +{{< tabs-wrapper >}} +{{% tabs %}} +[InfluxDB API](#) +[influx CLI](#) +{{% /tabs %}} +{{% tab-content %}} +```sh +curl -X PATCH http://localhost:9999/api/v2/orgs//secrets \ + -H 'Authorization: Token YOURAUTHTOKEN' \ + -H 'Content-type: application/json' \ + -d '{ + "POSTGRES_HOST": "http://example.com", + "POSTGRES_USER": "example-username", + "POSTGRES_PASS": "example-password" +}' +``` + +**To store secrets, you need:** + +- [your organization ID](/v2.0/organizations/view-orgs/#view-your-organization-id) +- [your authentication token](/v2.0/security/tokens/view-tokens/) +{{% /tab-content %}} +{{% tab-content %}} +```sh +# Syntax +influx secret update -k + +# Example +influx secret update -k POSTGRES_PASS +``` + +**When prompted, enter your secret value.** + +{{% warn %}} +You can provide the secret value with the `-v`, `--value` flag, but the **plain text +secret may appear in your shell history**. + +```sh +influx secret update -k -v +``` +{{% /warn %}} +{{% /tab-content %}} +{{< /tabs-wrapper >}} + +### Use secrets in your query +Import the `influxdata/influxdb/secrets` package and use [string interpolation](/v2.0/reference/flux/language/string-interpolation/) +to populate connection credentials with stored secrets in your Flux query. + +```js +import "sql" +import "influxdata/influxdb/secrets" + +POSTGRES_HOST = secrets.get(key: "POSTGRES_HOST") +POSTGRES_USER = secrets.get(key: "POSTGRES_USER") +POSTGRES_PASS = secrets.get(key: "POSTGRES_PASS") + +sql.from( + driverName: "postgres", + dataSourceName: "postgresql://${POSTGRES_USER}:${POSTGRES_PASS}@${POSTGRES_HOST}", + query: "SELECT * FROM sensors" +) +``` + +--- + ## Sample sensor data The [sample data generator](#download-and-run-the-sample-data-generator) and [sample sensor information](#import-the-sample-sensor-information) simulate a diff --git a/content/v2.0/reference/flux/stdlib/experimental/bigtable/from.md b/content/v2.0/reference/flux/stdlib/experimental/bigtable/from.md index 1f52d1b7e..117384775 100644 --- a/content/v2.0/reference/flux/stdlib/experimental/bigtable/from.md +++ b/content/v2.0/reference/flux/stdlib/experimental/bigtable/from.md @@ -52,3 +52,26 @@ _**Data type:** String_ The name of the Cloud Bigtable table to retrieve data from. _**Data type:** String_ + +## Examples + +{{% note %}} +The example below uses [InfluxDB secrets](/v2.0/security/secrets/) to populate +sensitive connection credentials. +{{% /note %}} + +```js +import "experimental/bigtable" +import "influxdata/influxdb/secrets" + +bigtable_token = secrets.get(key: "BIGTABLE_TOKEN") +bigtable_project = secrets.get(key: "BIGTABLE_PROJECT_ID") +bigtable_instance = secrets.get(key: "BIGTABLE_INSTANCE_ID") + +bigtable.from( + token: bigtable_token, + project: bigtable_project, + instance: bigtable_instance, + table: "example-table" +) +``` diff --git a/content/v2.0/reference/flux/stdlib/sql/from.md b/content/v2.0/reference/flux/stdlib/sql/from.md index 7e2518a27..2d8b1d43c 100644 --- a/content/v2.0/reference/flux/stdlib/sql/from.md +++ b/content/v2.0/reference/flux/stdlib/sql/from.md @@ -64,13 +64,22 @@ _**Data type:** String_ ## Examples +{{% note %}} +The examples below use [InfluxDB secrets](/v2.0/security/secrets/) to populate +sensitive connection credentials. +{{% /note %}} + ### Query a MySQL database ```js import "sql" +import "influxdata/influxdb/secrets" + +username = secrets.get(key: "MYSQL_USER") +password = secrets.get(key: "MYSQL_PASS") sql.from( driverName: "mysql", - dataSourceName: "user:password@tcp(localhost:3306)/db", + dataSourceName: "${username}:${password}@tcp(localhost:3306)/db", query:"SELECT * FROM ExampleTable" ) ``` @@ -78,10 +87,14 @@ sql.from( ### Query a Postgres database ```js import "sql" +import "influxdata/influxdb/secrets" + +username = secrets.get(key: "POSTGRES_USER") +password = secrets.get(key: "POSTGRES_PASS") sql.from( driverName: "postgres", - dataSourceName: "postgresql://user:password@localhost", + dataSourceName: "postgresql://${username}:${password}@localhost", query:"SELECT * FROM ExampleTable" ) ``` diff --git a/content/v2.0/reference/flux/stdlib/sql/to.md b/content/v2.0/reference/flux/stdlib/sql/to.md index 4d4552bf2..0286011dd 100644 --- a/content/v2.0/reference/flux/stdlib/sql/to.md +++ b/content/v2.0/reference/flux/stdlib/sql/to.md @@ -73,13 +73,22 @@ If writing to a **SQLite** database, set `batchSize` to `999` or less. ## Examples +{{% note %}} +The examples below use [InfluxDB secrets](/v2.0/security/secrets/) to populate +sensitive connection credentials. +{{% /note %}} + ### Write data to a MySQL database ```js import "sql" +import "influxdata/influxdb/secrets" + +username = secrets.get(key: "MYSQL_USER") +password = secrets.get(key: "MYSQL_PASS") sql.to( driverName: "mysql", - dataSourceName: "user:password@tcp(localhost:3306)/db", + dataSourceName: "${username}:${password}@tcp(localhost:3306)/db", table: "ExampleTable" ) ``` @@ -87,10 +96,14 @@ sql.to( ### Write data to a Postgres database ```js import "sql" +import "influxdata/influxdb/secrets" + +username = secrets.get(key: "POSTGRES_USER") +password = secrets.get(key: "POSTGRES_PASS") sql.to( driverName: "postgres", - dataSourceName: "postgresql://user:password@localhost", + dataSourceName: "postgresql://${username}:${password}@localhost", table: "ExampleTable" ) ```