Skip to main content

Connection authentication reference

When you create a connection to an external source of data in Imply Polaris, you need to provide authentication details for Polaris to securely access your data. The method of authentication depends on the connection type. This guide lists the authentication details required for each connection type.

To learn more about connections, see Create a connection and the Connections v1 API. To learn about authenticating to the Polaris API, see Authentication overview.

Azure Blob Storage

For an Azure Blob Storage connection, authenticate using a storage account access key or SAS token created at the storage account level.

Connection type: azure

Supported authentication modes:

  • Connection secrets type: access_key
    secret.accessKeySecret: storage account access key

  • Connection secrets type: sas_token
    secrets.sasToken: SAS token

To learn more, see Ingest data from Azure Blob Storage by API.

Confluent Cloud

For a Confluent Cloud connection, authenticate over SASL/PLAIN with a resource API key and secret. For information on creating and managing API keys in Confluent Cloud, see Use API Keys to Control Access.

Connection type: confluent

Supported authentication mode:
Connection secrets type: sasl_plain
secrets.username: Confluent Cloud API key
secrets.password: Confluent Cloud API secret

The deprecated confluent secrets type is equivalent to sasl_plain authentication.

To learn more, see Ingest data from Confluent Cloud by API.

Confluent Schema Registry

For a Confluent Schema Registry connection, use Basic authentication with an API key from Confluent Schema Registry. For details, refer to the Confluent documentation.

Connection type: confluent_schema_registry

Supported authentication mode:
Connection secrets type: basic
secrets.username: Confluent Schema Registry API key
secrets.password: Confluent Schema Registry API secret

To learn more, see Specify data schema by API.

Kafka

An Apache Kafka connection can take SASL/PLAIN or SASL/SCRAM credentials.

If the data source for your Kafka connection is Amazon MSK, use secrets type aws_iam or sasl_scram, depending on which authentication mechanism your Amazon MSK cluster supports. AWS IAM role assumption requires that your Polaris cloud provider is AWS. For more details, see the connection information.

If the data source for your Kafka connection is Kafka on Azure Event Hubs, use secrets type sasl_plain and supply the connection string from your shared access policy. For more details, see the connection information.

info

To enable unauthenticated connections, contact Polaris customer support. Imply recommends against using unauthenticated connections to connect to Polaris. You can only use unauthenticated connections when you enable private networking to secure the connection.

For information on private networking, see AWS private networking options and Azure private networking options.

Connection type: kafka

Supported authentication modes:

  • Connection secrets type: aws_iam (IAM role assumption for Amazon MSK)
    secrets.awsAssumedRoleArn: ARN of your AWS IAM role for Polaris to assume

  • Connection secrets type: sasl_plain
    secrets.username: SASL/PLAIN username
    secrets.password: SASL/PLAIN password

  • Connection secrets type: sasl_scram
    secrets.username: SASL/SCRAM username
    secrets.password: SASL/SCRAM password
    secrets.mechanism: SASL/SCRAM mechanism, either SCRAM-SHA-256 or SCRAM-SHA-512

To learn more, see Ingest data from Apache Kafka by API.

Kinesis

For an Amazon Kinesis connection, authenticate using IAM role assumption.

Connection type: kinesis

Supported authentication mode:
Supply the ARN of your AWS IAM role for Polaris to assume in awsAssumedRoleArn. A Kinesis connection does not take the secrets property.

To learn more, see Ingest data from Amazon Kinesis by API.

Push streaming

A push streaming connection does not require secrets. Your API client connects directly to Polaris using a Polaris API key. For more information, see Authenticate with API keys.

Connection type: push_streaming

Supported authentication mode: not applicable

To learn more, see Push event data by API.

S3

For an Amazon S3 connection, authenticate using IAM role assumption or AWS IAM access keys. Your Polaris deployment must use AWS as the cloud provider in order to use IAM role assumption.

Connection type: s3

Supported authentication modes:

  • For IAM role assumption, supply the ARN of your AWS IAM role for Polaris to assume in awsAssumedRoleArn.
  • To use AWS IAM access keys, use the connection secrets type access_key and include the following properties:
    • secrets.accessKeyId: access key ID
    • secrets.accessKeySecret: secret access key

To learn more, see Ingest data from Amazon S3 by API.