Add Credentials Page
Overview
The "Add Credentials Page" is a feature within the Vantage analytics and data platform that allows users to store sensitive authentication information securely. The page is intended for rare testing scenarios that verify the credentials are encrypted and stored correctly. It adds the encrypted credential data to the credentials store table in a database through the database ORM.
Purpose
The primary purpose of the Add Credentials Page is to handle the secure entry and storage of sensitive credential information, specifically for third-party services like OpenWeatherMap. The component uses AES-256-GCM encryption to protect user credentials (like email and token) before they are stored in the database, limiting the exposure of sensitive data.
How It Works
- Encryption: The component gathers sensitive credentials, encrypts them using AES-256-GCM, and prepares them for storage.
- Database Interaction: It creates a new entry in the credentials store with the encrypted data and additional security parameters.
- Error Handling: The page includes protection mechanisms to ensure it is not executed outside of a controlled environment.
Data Expectations
The component expects sensitive credential data in the following format before encryption:
    const plainCredentials = {
      email: "user@example.com",
      token: "your_token_here"
    };

Settings
The following settings govern the behavior and appearance of the Add Credentials Page:
1. protection
- Input Type: Boolean
- Description: This setting is designed to prevent the accidental execution of the component in inappropriate contexts. If set to true, it restricts access by throwing an error.
- Effect: When set to true, the error message "This page is for RARE testing only!" is generated, preventing the rest of the function from executing. This is vital to ensure its secure use.
- Default Value: true
2. clientId
- Input Type: Numeric (integer)
- Description: Represents the unique identifier for a client or organization that will be associated with the credentials being added.
- Effect: This ID is crucial for establishing the linked entity to which the credentials pertain. Changing its value would affect which client the credential is associated with.
- Default Value: 0 (Placeholder value)
3. serviceId
- Input Type: Numeric (integer)
- Description: This is the identifier for the specific third-party service (e.g., OpenWeatherMap) associated with the credential data.
- Effect: Affects the service under which the credentials are stored. Altering this value changes which service the credentials apply to.
- Default Value: 0 (Placeholder value)
4. plainCredentials
- Input Type: Object containing strings
- Description: Holds the actual credential data that needs to be encrypted and later stored. This object contains email and token.
- Effect: The values within this object dictate what credentials are stored. Changing these values directly modifies the credentials that get encrypted and saved into the database.
- Default Value:
    { email: "user@example.com", token: "your_token_here" }
Use Cases & Examples
Use Cases
- Integration of Third-Party Services: A business using the Vantage platform may need to securely store API credentials to connect with different external services, like weather data, CRM data, etc.
- User Management: When managing multiple user accounts for applications that require authentication tokens, Vantage can streamline and secure credential storage.
- Testing Environments: Developers may require a secure page to insert test credentials without exposing sensitive information in development environments.
Example Configuration
Suppose a company wants to use Vantage to integrate with an environmental data service that requires credentials. The company has the following requirements for their credentials:
- Service: OpenWeatherMap
- Client: a client identified by clientId: 12345
- Credentials:
  - Email: john.doe@example.com
  - Token: ABCDEF123456
The configuration could be visualized to look as follows:
    const clientId = 12345; // The unique identifier for the client
    const serviceId = 1; // The ID for OpenWeatherMap
    const plainCredentials = {
      email: "john.doe@example.com", // The user's email for API access
      token: "ABCDEF123456" // The token for API authentication
    };

With this configuration, when the Add Credentials Page processes this data, it would encrypt the provided credentials and successfully store them in the database under the entries for client ID 12345 and service ID 1, ensuring that highly sensitive information remains secure.
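The encrypt-then-store flow from "How It Works", shown with Node's built-in crypto module as an added example that is not Vantage's own code. The function names, the row field names, the use of clientId and serviceId as GCM associated data, and the randomly generated demo key are assumptions; the ORM write is left out.

```javascript
const crypto = require("node:crypto");

// Hypothetical helper names; the page does not show Vantage's implementation.
// The AAD binds the ciphertext to its (clientId, serviceId) row, so a record
// copied to another client or service fails authentication on decrypt.
const aadFor = (clientId, serviceId) => Buffer.from(`${clientId}:${serviceId}`);

function encryptCredentials(key, clientId, serviceId, plainCredentials, protection = true) {
  if (protection) throw new Error("This page is for RARE testing only!");
  if (key.length !== 32) throw new Error("AES-256 requires a 32-byte key");
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per record, never reused
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(aadFor(clientId, serviceId));
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(plainCredentials), "utf8"),
    cipher.final(),
  ]);
  // Assumed column layout for the credentials store row.
  return {
    clientId,
    serviceId,
    iv: iv.toString("base64"),
    authTag: cipher.getAuthTag().toString("base64"),
    ciphertext: ciphertext.toString("base64"),
  };
}

function decryptCredentials(key, row) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, Buffer.from(row.iv, "base64"));
  decipher.setAAD(aadFor(row.clientId, row.serviceId));
  decipher.setAuthTag(Buffer.from(row.authTag, "base64"));
  const plain = Buffer.concat([
    decipher.update(Buffer.from(row.ciphertext, "base64")),
    decipher.final(), // throws if ciphertext, tag, or AAD was altered
  ]);
  return JSON.parse(plain.toString("utf8"));
}

// Constructed demo: a real key would come from a secret manager, not source code.
const demoKey = crypto.randomBytes(32);
const row = encryptCredentials(demoKey, 12345, 1,
  { email: "john.doe@example.com", token: "ABCDEF123456" }, false);
console.log(row, decryptCredentials(demoKey, row));
```

The IV and authentication tag are not secret, but both must be stored alongside the ciphertext or the record cannot be decrypted or verified.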