Skip to main content

Connection authentication reference

When you create a connection to an external source of data in Imply Polaris, you need to provide authentication details for Polaris to securely access your data. The method of authentication depends on the connection type. This guide lists the authentication details required for each connection type.

To learn more about connections, see Create a connection and the Connections v1 API. To learn about authenticating to the Polaris API, see Authentication overview.

Azure Blob Storage

For a connection to Azure Blob Storage, authenticate using a storage account access key or SAS token created at the storage account level.

Connection type: azure

Supported authentication modes:

  • Connection secrets type: access_key
    secret.accessKeySecret: storage account access key

  • Connection secrets type: sas_token
    secrets.sasToken: SAS token including the delimiter character ?

A guide to ingesting data from Azure Blob Storage by API is coming at a later date. For information on ingesting Azure data by API in the meantime, see Connect to Azure Blob Storage: Ingest data by API.

Confluent Cloud

For a Confluent Cloud connection, authenticate over SASL/PLAIN with a resource API key and secret. For information on creating and managing API keys in Confluent Cloud, see Use API Keys to Control Access.

Connection type: confluent

Supported authentication mode:
Connection secrets type: sasl_plain
secrets.username: The Confluent Cloud API key
secrets.password: The Confluent Cloud API secret

The deprecated confluent secrets type is equivalent to sasl_plain authentication.

To learn more, see Ingest data from Confluent Cloud by API.

Confluent Schema Registry

For a Confluent Schema Registry connection, authenticate with basic auth, SASL/PLAIN, or SASL/SCRAM. Select the option that corresponds with the mechanism you use to secure Confluent Schema Registry.

Connection type: confluent_schema_registry

Supported authentication modes:

  • Connection secrets type: basic (use this mode for Confluent Schema Registry API keys)
    secrets.username: Confluent Schema Registry API key
    secrets.password: Confluent Schema Registry API secret

  • Connection secrets type: sasl_plain
    secrets.username: SASL/PLAIN username
    secrets.password: SASL/PLAIN password

  • Connection secrets type: sasl_scram
    secrets.username: SASL/SCRAM username
    secrets.password: SASL/SCRAM password
    secrets.mechanism: SASL/SCRAM mechanism, either SCRAM-SHA-256 or SCRAM-SHA-512

To learn more, see Specify data schema by API.

Kafka

For an Apache Kafka connection, including Amazon MSK, authenticate with SASL/PLAIN or SASL/SCRAM credentials. A Kafka connection to Amazon MSK can also use AWS IAM role assumption when the Polaris cloud provider is AWS.

Connection type: kafka

Supported authentication modes:

  • Connection secrets type: aws_iam (to ingest from Amazon MSK only)
    secrets.awsAssumedRoleArn: ARN of your AWS IAM role for Polaris to assume

  • Connection secrets type: sasl_plain
    secrets.username: SASL/PLAIN username
    secrets.password: SASL/PLAIN password

  • Connection secrets type: sasl_scram
    secrets.username: SASL/SCRAM username
    secrets.password: SASL/SCRAM password
    secrets.mechanism: SASL/SCRAM mechanism, either SCRAM-SHA-256 or SCRAM-SHA-512

To learn more, see Ingest data from Apache Kafka and Amazon MSK by API.

Kinesis

For an Amazon Kinesis connection, authenticate using IAM role assumption.

Connection type: kinesis

Supported authentication mode:
Supply the ARN of your AWS IAM role for Polaris to assume in awsAssumedRoleArn. A Kinesis connection does not take the secrets property.

To learn more, see Ingest data from Amazon Kinesis by API.

Push streaming

A push streaming connection does not require secrets. Your API client connects directly to Polaris using a Polaris API key. For more information, see Authenticate with API keys.

Connection type: push_streaming

Supported authentication mode: not applicable

To learn more, see Push event data by API.

S3

For an Amazon S3 connection, authenticate using IAM role assumption or AWS IAM access keys. Your Polaris deployment must use AWS as the cloud provider in order to use IAM role assumption.

Connection type: s3

Supported authentication modes:

  • For IAM role assumption, supply the ARN of your AWS IAM role for Polaris to assume in awsAssumedRoleArn.
  • To use AWS IAM access keys, use the connection secrets type access_key and include the following properties:
    • secrets.accessKeyId: access key ID
    • secrets.accessKeySecret: secret access key

To learn more, see Ingest data from Amazon S3 by API.