matthias_vc
Frequent Visitor

How safe is it to store Credentials in Power Query

Hi All, 

 

My main question is this:
- If I hardcode an encoded username + password in a Power Query step and publish that to the Power BI Service, will that information be accessible to anyone other than the people who have access to the Power BI file itself?

 

Flavor:

I'm currently creating some live Dashboards from OPC (Oracle Primavera Cloud) in Power BI.

OPC doesn't have a custom connector, but I can get the data from the REST Endpoints by:

-> Submitting a call to a "Token Endpoint" => Asks for Encoded Username+Password and gives back a token

 

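// Read the username and password of the current credential
Username = Extension.CurrentCredential()[Username],
Password = Extension.CurrentCredential()[Password],
// Base64 is an encoding, not encryption: the header value decodes back to Username:Password
vCred = "Basic " & Binary.ToText(Text.ToBinary(Username & ":" & Password), BinaryEncoding.Base64),
tokenUrl = "https://.../apitoken/request?scope=http://../data",
// Supplying Content makes Web.Contents issue a POST to the token endpoint
Authentication = Json.Document(Web.Contents(tokenUrl, [Headers=[#"Authorization" = vCred], Content = Text.ToBinary("")])),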

 

-> Use Token in subsequent calls to get data.

 

// Reuse the token and tenant values returned by the token endpoint
bearerToken = "Bearer " & Authentication[accessToken],
vUrl = "https://../dataservice/runquery",
body = TasksBody,
CallAPI = Json.Document(Web.Contents(vUrl, [
    Headers = [
        #"Authorization" = bearerToken,
        #"x-prime-identity-app" = Authentication[primeIdentityApp],
        #"x-prime-tenant" = Authentication[primeTenant],
        #"x-prime-tenant-code" = Authentication[primeTenantCode],
        #"Content-Type" = "application/json"
    ],
    Content = Text.ToBinary(body)
]))

 

1) I would like to use the "Basic" Authentication of Power BI to do the first step, but as the Service expects an encoded version, it doesn't really help much as I can't access it in Query. If I hard code it, I'm not sure how safe it is.

2) I made a Custom Connector that can generate the Token based on Basic Authentication. However, when I build on this, it asks to specify credentials again. (Probably, as Step 1 tried to get credentials for https://XXX/Apitoken/Request, it overwrote the "anonymous" credentials for https://XXX/dataservice/runquery?)

1 REPLY
AlexisOlson
Super User

If someone has access to the Power BI workspace you publish the report to, they can download the PBIX from the Service and open it up and look at the query text (assuming they have a minimum of Write access to the dataset or are a Contributor to the workspace).

 

If they don't have access to the PBIX file, then I can't think of a way to access that query text, but that doesn't mean it's not possible, and I generally wouldn't advise storing unencrypted credentials in a query.
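
An added example, not part of the thread: a Python check that scans M query text for hardcoded "Basic" Authorization values. It shows that the "encoded" form decodes straight back to username:password for anyone who can read the query text, while the `Extension.CurrentCredential()` form from the post stores nothing in the query. The sample queries, user name, password and the `example.invalid` URL are constructed for illustration.

```python
import base64
import binascii
import re

# An M text literal carrying a ready-made Basic value, e.g. "Basic dXNlcjpwdw=="
BASIC_LITERAL = re.compile(r'"Basic\s+([A-Za-z0-9+/]{4,}={0,2})"')

def find_hardcoded_basic(m_text):
    """Report hardcoded Basic credentials in M query text without echoing the password."""
    findings = []
    for lineno, line in enumerate(m_text.splitlines(), start=1):
        for match in BASIC_LITERAL.finditer(line):
            try:
                decoded = base64.b64decode(match.group(1), validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                continue  # e.g. "Basic information": not Base64, so not a credential
            username, sep, password = decoded.partition(":")
            if sep:  # Basic credentials decode to username:password
                findings.append({"line": lineno, "username": username,
                                 "password_length": len(password)})
    return findings

# Constructed sample values, not taken from the thread.
DEMO_USER, DEMO_PASSWORD = "demo_user", "constructed-secret"
_encoded = base64.b64encode(f"{DEMO_USER}:{DEMO_PASSWORD}".encode()).decode("ascii")

# Constructed query with the credential hardcoded in its "encoded" form.
HARDCODED_QUERY = "\n".join([
    "let",
    '    vCred = "Basic ' + _encoded + '",',
    '    tokenUrl = "https://example.invalid/apitoken/request",',
    '    Authentication = Json.Document(Web.Contents(tokenUrl, [Headers=[#"Authorization" = vCred]]))',
    "in",
    "    Authentication",
])

# Connector-style form from the post: the credential is read at run time, nothing is stored.
RUNTIME_QUERY = "\n".join([
    "Username = Extension.CurrentCredential()[Username],",
    "Password = Extension.CurrentCredential()[Password],",
    'vCred = "Basic "&Binary.ToText(Text.ToBinary(Username &":"&Password), 0),',
])

if __name__ == "__main__":
    for name, query in (("hardcoded", HARDCODED_QUERY), ("runtime", RUNTIME_QUERY)):
        print(name, find_hardcoded_basic(query))
```

The scanner reports the line, the recovered user name and the password length only, so its output can be shared in a review without exposing the secret again.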
