topic Deploy Batch API downloaded from Model Studio without clear text password in Administration and Deployment

Deploy Batch API downloaded from Model Studio without clear text password

alisio_meneses — Tue, 29 Nov 2022 19:23:10 GMT

Hello There.

I downloaded a Batch API SAS Code from ModelStudio and it is running fine, but I would like to know if there is a way to call the macro without having the password in clear text as argument.

The following lines illustrates the arguments needed to call the Batch API macro:

/* Call the macro */

%let protocol = https;
%let host = sashost;
%let port = 443;
%let username = awesomeuser;
%let password = supersecretpassword;
%let projectId = ohhi-how-are-ya-666;

%vf_new_iteration(&protocol, &host, &port, &username, &password, &projectId);

Thank you!

Re: Deploy Batch API downloaded from Model Studio without clear text password

SASKiwi — Tue, 29 Nov 2022 20:06:28 GMT

You can encode the password using PWENCODE:

proc pwencode in = "supersecretpassword";
run;

Then you use the encoded version in your program: {SAS002}709545100D40657D4507094941ACEF7C4652D9232A8E0E4001E3D23059C7D7C8

However that doesn't prevent someone else making use of that version for their own purposes if they find it in your program.

Re: Deploy Batch API downloaded from Model Studio without clear text password

alisio_meneses — Wed, 30 Nov 2022 14:35:56 GMT

Hi @SASKiwi, thank you for replying.

I've tried using the encoded password but it didn't work. I get authorization error (log attached) if using the encoded password, although it still works fine using the unencoded password;

/* Encoding password */
proc pwencode in = "supersecretpassword";
run;
/* encoded password: {SAS002}709545100D40657D4507094941ACEF7C4652D9232A8E0E4001E3D23059C7D7C8 */ 

/* Call the macro */

%let protocol = https;
%let host = sashost;
%let port = 443;
%let username = awesomeuser;
%let password = {SAS002}709545100D40657D4507094941ACEF7C4652D9232A8E0E4001E3D23059C7D7C8;
%let projectId = ohhi-how-are-ya-666;

%vf_new_iteration(&protocol, &host, &port, &username, &password, &projectId);

Could it be that the literal encoded password is being used?

Is it necessary to 'tell' the funcions/step/proc that an encoded password is in use?

Re: Deploy Batch API downloaded from Model Studio without clear text password

SASKiwi — Wed, 30 Nov 2022 20:31:05 GMT

@alisio_meneses In my experience SAS detects the encoding type based on the contents of the curly brackets. I've never tried this in PROC HTTP but it works fine for other password-required processes.