When I create the Amazon S3 bucket connection via the user interface. Access key and Secret key are hidden:
Connection string looks like:
CUSTOM CONNECT TO "provider=QvWebStorageProviderConnectorPackage.exe;sourceType=File_AmazonS3Connector;region=<REGION>;bucketName=<BUCKET_NAME>;"
But if I'm using the qrs api And provide the access key and secret key In the connection string, they are visible in the configuration in human readable format, and available for anyone who has an access to the QMC, data connection settings.
This is a body I send:
{
"name": "AWS S3",
"owner": {
"name": "<USER>"
},
"connectionString": "CUSTOM CONNECT TO \"provider=QvWebStorageProviderConnectorPackage.exe;sourceType=File_AmazonS3Connector;region=<REGION>;bucketName=<BUCKET_NAME>;accessKey=<ACCESS_KEY>;secretKey=<SECRET_KEY>\"",
"type": "QvWebStorageProviderConnectorPackage.exe",
"username": "",
"logOn": 0,
"architecture": 0,
"tags": [],
"customProperties": [],
"privileges": null,
"schemaPath": null
}
This request created the data connection, data connection works as expected. But when I open the configuration I see the access key ans secret key in the connection string.
I expect that secrets are not shown in the configuration after I have created the connection.