Hiding connection strings and secrets

[cilerler]

While working with a polyglot notebook, it’s necessary to avoid displaying the SQL database connection string.
Directly storing it in a variable reveals it in the variable list. How can this string be safely concealed?

Additionally, can the same approach be used to protect other sensitive secrets as well?

#!meta

{"kernelInfo":{"defaultKernelName":"csharp","items":[{"aliases":[],"languageName":"csharp","name":"csharp"},{"aliases":[],"languageName":"T-SQL","name":"sql-Integration_MyCompany"}]}}

#!csharp

#r "nuget:Microsoft.DotNet.Interactive.SqlServer,*-*"
var connectionString = System.Environment.GetEnvironmentVariable("integration_smartpocure_sql");

#!csharp

#!connect mssql --kernel-name Integration_MyCompany --connection-string @connectionString

#!markdown

Test SQL Connection with a Query

#!sql-Integration_MyCompany

SELECT @@VERSION;

[jonsequitur]

You can securely store secret values via magic commands, as described here:

https://github.com/dotnet/interactive/blob/main/docs/input-prompts.md#saving-a-value

Please let us know if this works for you and if you run into any issues or usability problems.

[cilerler]

In case it helps someone else, this is the workaround I ended up using.

I'm looking into the bug, which I was able to reproduce once, but can't reproduce again after a VS Code restart.

Side note: You don't need to set a variable to use the secret management feature. You can collapse the two magic command steps down to this:

#!connect mssql --kernel-name Integration_MyCompany --connection-string @password:{"saveAs":"mycompany.integration.sql", "prompt":"Please provide a connection string."}

[cilerler]

Thank you!
I was able to save it using the following command:

#!set --name myCompanyIntegrationSql --value @password:{"saveAs":"myCompany.integration.sql", "prompt":"Please provide a connection string."}

While this resolves the issue I was facing, the experience could be significantly improved with a feature like polyglot-notebook.kernelSecretVariables, similar to polyglot-notebook.kernelEnvironmentVariables in the settings. This would make it easier to configure secrets without worrying about accidental exposure, while keeping the use of PowerShell Secret Store optional.

[cilerler]

Closing this discussion since it partially addresses the question.
The remaining part is now documented as a bug/feature request at #3793.

Thanks again. 🤗

[jonsequitur]

I'm looking into the bug, which I was able to reproduce once, but can't reproduce again after a VS Code restart.

Side note: You don't need to set a variable to use the secret management feature. You can collapse the two magic command steps down to this:

#!connect mssql --kernel-name Integration_mycompany --connection-string @password:{"saveAs":"mycompany.integration.sql", "prompt":"Please provide a connection string."}

[cilerler]

Thank you again! It worked like a charm—it accepted it, and I no longer see the value in the variables list.
That said, I believe the bug should remain open since connect mssql still doesn’t accept passwordstring. Do you agree?

[jonsequitur]

Yeah, the issue you opened is definitely a bug.

[cilerler]

Thanks. Have a healthy, and happy new year. 🤗