Temporary credentials

Authenticate using temporary credentials in the create or update Deployment flow. Temporary credentials provide better security since they are not saved and expire (more) quickly.

Object storage

Select private object storage, and click on temporary credentials to authenticate using temporary credentials.

S3

1. Use AWS STS to assume a role with access to your bucket
2. Get a session token
3. In the Deployment configuration, click Private object storage, then click Temporary credentials, then Use temporary credentials
4. Select S3, copy paste your:

• Access key ID (e.g. ASIAIOSFODNN7EXAMPLE)
• Secret access key (e.g. ASIAwJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEYIOSFODNN7EXAMPLE)
• Session token (e.g. AQoDYXdzEJr...<remainder of session token>)
  

5. Click Save

Azure Blob Storage

1. Go to your Azure storage account
2. Select Security + networking -> Shared access signature
3. Generate a SAS token with minimally:

• Allowed services: Blob
• Allowed resource types: Container, Object
• Allowed permissions: Read, List

4. In the Deployment configuration, click Private object storage, then click Temporary credentials, then Use temporary credentials
5. Select Azure Blob Storage, copy paste your:

• SAS token (e.g. bsv=2023-11-31&sr=b&sig=39Up9jzHkxhUIhFEjEh954DJxe6cIRCgOv6IGCSØ%3A377&sp=rcw)
• Object storage name (e.g. deeploy)
  

6. Click Save

Databricks

1. In Databricks, go to Settings, click Identity and access, then click Manage Service Principles
2. Add a new Service Principle with Workspace access
3. Give the Service Principle the required permissions
4. Click on the created Service Principle, click Secrets, then Generate secret
5. Use the generated secret and client ID to do an authenticated request to the token endpoint to receive a temporary workspace-level access token
6. Select Databricks Unity Catalog, copy paste your:

• Access token (e.g. eyJraWQiOiIy...<remainder of access token>)

7. Click Save

Docker

Select private registry, and click on temporary credentials to authenticate using temporary credentials.

DockerHub

1. For DockerHub, fill in:

• Registry (e.g. https://index.docker.io/v1/)
• Username (e.g. deeployml)
• Password (e.g. <password>)
  

2. Click Save

AWS

1. Use the AWS CLI to get a temporary login password using aws ecr get-login-password --region region
2. For Amazon Elastic Container Registry, fill in:

• Registry (e.g. 012345678901.dkr.ecr.eu-central-1.amazonaws.com)
• Username (AWS)
• Password (e.g. eyJraWQiOiIy...<remainder of access token>)
  

3. Click Save

Azure

1. Use the Azure CLI to get a temporary access token using az acr login --name <acrName> --expose-token
2. For Azure Container Registry, fill in:

• Registry (e.g. deeploy.azurecr.io)
• Username (00000000-0000-0000-0000-000000000000)
• Password (e.g. eyJhbGci...<remainder of access token>)
  

3. Click Save

GCP

1. Create a service account for the artifact registry, and grant it repository access
2. Generate an access token for the service account
3. For Google Artifact Registry, fill in:

• Registry (e.g. europe-central2-docker.pkg.dev/repository/project-name)
• Username (oauth2accesstoken)
• Password (e.g. ya29.c.c...<remainder of access token>)
  

4. Click Save