SECRET

Provides the ability to hide credentials from queries.

Passing credentials in queries can leave them exposed in plain text during parameterization, which means they can be seen in logs and the process list. To counter this, use the SECRET() function. SECRET() takes a string (such as a password or other sensitive information) and replaces it with the literal string "<password>" during parameterization. The query itself still receives the original string unchanged.

Syntax

SECRET(str)

Arguments

  • str: any string

Return Type

String

Remarks

  • There are two cases where the string passed in the SECRET() function could still be exposed:

    • When SECRET() is used as a column without an alias:

      SELECT SECRET(argument);

      Instead, use something like:

      SELECT SECRET(argument) AS column_name;
    • When the NOPARAM() function is combined with SECRET():

      SECRET(NOPARAM(argument));

Example

CALL db.log_in_now('root', SECRET('super-secret-password'));
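
A pre-deployment check for the two exposure cases listed under Remarks, written as an added example that is not part of the SingleStore documentation. The function name `find_exposures`, the finding labels, and the sample statements are constructed for illustration; treating only an explicit `AS` alias as safe is an assumption that follows the form shown above.

```python
import re

STRING_RE = re.compile(r"'(?:[^'\\]|\\.|'')*'|\"(?:[^\"\\]|\\.|\"\")*\"", re.S)
SECRET_RE = re.compile(r"\bSECRET\s*\(", re.I)

def _mask(sql):
    # Blank out string-literal contents (same length) so quotes or parentheses
    # inside literals cannot confuse the scan and the secret is never echoed.
    return STRING_RE.sub(lambda m: m[0][0] + "x" * (len(m[0]) - 2) + m[0][-1], sql)

def _depth_at(masked, idx):
    # Parenthesis nesting depth at position idx.
    return masked.count("(", 0, idx) - masked.count(")", 0, idx)

def _close(masked, open_idx):
    # Index of the ')' that matches the '(' at open_idx.
    depth = 0
    for i in range(open_idx, len(masked)):
        depth += {"(": 1, ")": -1}.get(masked[i], 0)
        if depth == 0:
            return i
    raise ValueError("unbalanced parentheses in SECRET() call")

def find_exposures(statement):
    """Return labels for the documented cases where SECRET() can still leak."""
    masked = _mask(statement)
    is_select = re.match(r"\s*SELECT\b", masked, re.I) is not None
    # The select list ends at the first FROM outside any parentheses.
    from_pos = next((m.start() for m in re.finditer(r"\bFROM\b", masked, re.I)
                     if _depth_at(masked, m.start()) == 0), len(masked))
    findings = []
    for m in SECRET_RE.finditer(masked):
        close_idx = _close(masked, m.end() - 1)
        if re.match(r"\s*NOPARAM\s*\(", masked[m.end():close_idx], re.I):
            findings.append("noparam-inside-secret")
        as_column = (is_select and m.start() < from_pos
                     and _depth_at(masked, m.start()) == 0)
        # Assumption: only an explicit "AS alias" counts as aliased.
        if as_column and not re.match(r"\s*AS\s+[\w`]", masked[close_idx + 1:], re.I):
            findings.append("unaliased-secret-column")
    return findings

if __name__ == "__main__":
    samples = [  # constructed statements, not taken from a real workload
        "SELECT SECRET('pw');",
        "SELECT SECRET('pw') AS column_name;",
        "SELECT SECRET(NOPARAM('pw')) AS c;",
        "CALL db.log_in_now('root', SECRET('super-secret-password'));",
    ]
    for s in samples:
        print(find_exposures(s) or "ok", "<-", _mask(s))
```

The check prints each statement with its string literals masked, so running it in CI does not itself write the credentials to build logs.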

Last modified: November 18, 2022
