Connection authentication reference
When you create a connection to an external source of data in Imply Polaris, you need to provide authentication details for Polaris to securely access your data. The method of authentication depends on the connection type. This guide lists the authentication details required for each connection type.
To learn more about connections, see Create a connection and the Connections v1 API. To learn about authenticating to the Polaris API, see Authentication overview.
Azure Blob Storage
For a connection to Azure Blob Storage, authenticate using a storage account access key or SAS token created at the storage account level.
Connection type: azure
Supported authentication modes:
Connection secrets type:
access_key
secret.accessKeySecret
: storage account access keyConnection secrets type:
sas_token
secrets.sasToken
: SAS token including the delimiter character?
A guide to ingesting data from Azure Blob Storage by API is coming at a later date. For information on ingesting Azure data by API in the meantime, see Connect to Azure Blob Storage: Ingest data by API.
Confluent Cloud
For a Confluent Cloud connection, authenticate over SASL/PLAIN with a resource API key and secret. For information on creating and managing API keys in Confluent Cloud, see Use API Keys to Control Access.
Connection type: confluent
- Supported authentication mode:
- Connection secrets type:
sasl_plain
secrets.username
: The Confluent Cloud API keysecrets.password
: The Confluent Cloud API secret
The deprecated confluent
secrets type is equivalent to sasl_plain
authentication.
To learn more, see Ingest data from Confluent Cloud by API.
Confluent Schema Registry
For a Confluent Schema Registry connection, authenticate with basic auth, SASL/PLAIN, or SASL/SCRAM. Select the option that corresponds with the mechanism you use to secure Confluent Schema Registry.
Connection type: confluent_schema_registry
Supported authentication modes:
Connection secrets type:
basic
(use this mode for Confluent Schema Registry API keys)
secrets.username
: Confluent Schema Registry API key
secrets.password
: Confluent Schema Registry API secretConnection secrets type:
sasl_plain
secrets.username
: SASL/PLAIN username
secrets.password
: SASL/PLAIN passwordConnection secrets type:
sasl_scram
secrets.username
: SASL/SCRAM username
secrets.password
: SASL/SCRAM password
secrets.mechanism
: SASL/SCRAM mechanism, eitherSCRAM-SHA-256
orSCRAM-SHA-512
To learn more, see Specify data schema by API.
Kafka
For an Apache Kafka connection, including Amazon MSK, authenticate with SASL/PLAIN or SASL/SCRAM credentials. A Kafka connection to Amazon MSK can also use AWS IAM role assumption when the Polaris cloud provider is AWS.
Connection type: kafka
Supported authentication modes:
Connection secrets type:
aws_iam
(to ingest from Amazon MSK only)
secrets.awsAssumedRoleArn
: ARN of your AWS IAM role for Polaris to assumeConnection secrets type:
sasl_plain
secrets.username
: SASL/PLAIN username
secrets.password
: SASL/PLAIN passwordConnection secrets type:
sasl_scram
secrets.username
: SASL/SCRAM username
secrets.password
: SASL/SCRAM password
secrets.mechanism
: SASL/SCRAM mechanism, eitherSCRAM-SHA-256
orSCRAM-SHA-512
To learn more, see Ingest data from Apache Kafka and Amazon MSK by API.
Kinesis
For an Amazon Kinesis connection, authenticate using IAM role assumption.
Connection type: kinesis
- Supported authentication mode:
- Supply the ARN of your AWS IAM role for Polaris to assume in
awsAssumedRoleArn
. A Kinesis connection does not take thesecrets
property.
To learn more, see Ingest data from Amazon Kinesis by API.
Push streaming
A push streaming connection does not require secrets. Your API client connects directly to Polaris using a Polaris API key. For more information, see Authenticate with API keys.
Connection type: push_streaming
Supported authentication mode: not applicable
To learn more, see Push event data by API.
S3
For an Amazon S3 connection, authenticate using IAM role assumption or AWS IAM access keys. Your Polaris deployment must use AWS as the cloud provider in order to use IAM role assumption.
Connection type: s3
Supported authentication modes:
- For IAM role assumption, supply the ARN of your AWS IAM role for Polaris to assume in
awsAssumedRoleArn
. - To use AWS IAM access keys, use the connection secrets type
access_key
and include the following properties:secrets.accessKeyId
: access key IDsecrets.accessKeySecret
: secret access key
To learn more, see Ingest data from Amazon S3 by API.