cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
☑ This topic is solved. Need further help from the community? Please sign in and ask a new question.
freshstarter
Obsidian | Level 7 freshstarter
Obsidian | Level 7
Go to Solution

Store secrets - SAS 9.4M4

Posted 10-22-2024 04:32 PM (1265 views)

Hello,

 

We are in SAS 9.4M7 and recently we have written SAS code proc http post method to generate and extract oauth token from Microsoft Azure. As this is the test environment, we have hardcoded the client id and client secrets in the SAS code to retrive the token. But we cant take this approach in Production as these details should be masked (or) invisible where end users should not see.

 

Thought of using Azure key vault to store these secrets, but we cant use proc python in SAS 9.4 as proc python is available only in SAS Viya. We dont want to store these secrets in a file that resides on the server.

 

Are there are any ways where we can store these secrets securely and retrive that in SAS code efficiently ? Please let me know. Thanks

0 Likes
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: Store secrets - SAS 9.4M4

Posted 10-22-2024 04:56 PM (1241 views)  |   In reply to freshstarter
Could you build the PROC HTTP call with the hardcoded client ID and secret into a compiled macro? The users could run the macro to get the token but not be able to see the source code that contains the secret.

https://go.documentation.sas.com/doc/en/pgmsascdc/9.4_3.5/mcrolref/n0sjezyl65z1cpn1b6mqfo8115h2.htm
--
Greg Wootton | Principal Systems Technical Support Engineer

View solution in original post

0 Likes
Reply
5 REPLIES 5
SASKiwi
PROC Star SASKiwi
PROC Star

Re: Store secrets - SAS 9.4M4

Posted 10-22-2024 04:39 PM (1254 views)  |   In reply to freshstarter

Can you post your test code example so we can get a better idea of what you are doing?

0 Likes
Reply
freshstarter
Obsidian | Level 7 freshstarter
Obsidian | Level 7

Re: Store secrets - SAS 9.4M4

Posted 10-22-2024 05:06 PM (1233 views)  |   In reply to SASKiwi

Below is my code where the client_id and secrets are hardcoded now.

 

filename resp temp;

 

proc http

url="https://login.microsoftonline.com/<Tenant-id>/oauth2/v2.0/token"

in='grant_type=client_credentails&client_id=1234567-abc&client_secret=123dbc-oG&scope=api://erderf/.default'

ct="application/x-www-form-urlencoded"

out=resp

method='POST';

run;

 

libname auth json fileref=resp;

data _null_;

set auth.root;

call.symputx('token',access_token);

run;

 

%put &token;

0 Likes
Reply
carl_sommer
SAS Employee carl_sommer
SAS Employee

Re: Store secrets - SAS 9.4M4

Posted 10-22-2024 06:34 PM (1182 views)  |   In reply to SASKiwi

To amend what Greg suggested, you'll want to use both the STORE and the SECURE options.
STORE provides macro compilation; SECURE provides encryption (so nosy people turning on MPRINT, etc get nada, zip, zilch)

See Example 5: Using the %MACRO Statement with the STORE and SECURE Options

 

Carl Sommer - SAS Technical Support

0 Likes
Reply
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: Store secrets - SAS 9.4M4

Posted 10-22-2024 04:56 PM (1242 views)  |   In reply to freshstarter
Could you build the PROC HTTP call with the hardcoded client ID and secret into a compiled macro? The users could run the macro to get the token but not be able to see the source code that contains the secret.

https://go.documentation.sas.com/doc/en/pgmsascdc/9.4_3.5/mcrolref/n0sjezyl65z1cpn1b6mqfo8115h2.htm
--
Greg Wootton | Principal Systems Technical Support Engineer
0 Likes
Reply
freshstarter
Obsidian | Level 7 freshstarter
Obsidian | Level 7

Re: Store secrets - SAS 9.4M4

Posted 10-23-2024 06:31 AM (1115 views)  |   In reply to gwootton

Thank you for the suggestion

0 Likes
Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 5 replies
  • ‎10-22-2024 04:32 PM
  • 1266 views
  • 0 likes
  • 4 in conversation