I have followed the directions of Chris Hemedinger and Joseph Henry for retrieving the token needed for interacting with SharePoint and OneDrive. I have an Azure API with a client secret.
I am trying to figure out how to best lock down the value of the client_secret and yet have it accessible to the users of my environment so that they can utilize the API calls from SAS to o365 SharePoint Online.
What is the recommended method to hide this value?
I thought of a %include, but that needs to be readable for their code to work. I thought of burying a macro value but any savvy user would know %put &thesecret. ; in a SAS session would show the literal value.
Thank you in advance for sharing your thoughts and experiences in this thread.
Can you share any additional information about your SAS environment? version? platform? my first instinct would be looking at a metadata object. However, that would assume a SAS installation that included a metadata server.
If you can use a user/password to authenticate, you can store that into an AuthDomain in your meta, and call your API through a "proc http" with an Authdomain parameter. If the client ID is a parameter of the request, you can encapsulate your code (proc http or curl), into a stored compile AND secure macro : %macro MP_MACRO / store secure ; option NOMPRINT NOSYMBOLGEN ; %local mv_secret ;
Registration is open! SAS is returning to Vegas for an AI and analytics experience like no other! Whether you're an executive, manager, end user or SAS partner, SAS Innovate is designed for everyone on your team. Register for just $495 by 12/31/2023.
If you are interested in speaking, there is still time to submit a session idea. More details are posted on the website.