Syntasa provides a centralized Credential Store that allows you to securely manage sensitive information such as API keys, database passwords, and cloud tokens. By creating a Credential object, you can safely share secrets across teams and use them programmatically in notebooks—without exposing raw values in your code.
This guide walks you through how to create and manage a Credential object using the Syntasa UI.
Step 1: Access the Credentials Module
- Log in to your Syntasa environment.
- In the left-hand navigation sidebar, locate the Resources group.
- Click on Credentials.
- On the Credentials list page, click the + New Credential button in the top-right corner.
Step 2: Enter Basic Information
Provide the required details in the Basic Info section:
- Name: A unique, descriptive name for the credential (e.g., Marketing_API_Key).
  This name is used to reference the credential in notebooks.
- Description (Optional): Add context about what the credential is used for or who manages it.
Step 3: Select a Source Type
Syntasa is infrastructure-aware, meaning it only displays cloud options that match your current environment (AWS, GCP, or Azure).
Choose one of the following options:
Option A: Inline (Enter Values)
Use this option to store secrets directly within Syntasa’s encrypted database.
- Select Enter Values (Inline)
- In the dynamic table:
  - Enter a Key (e.g., password)
  - Enter the Value (masked by default)
  - Click the Eye icon to toggle visibility
- Click Add Key to include multiple key-value pairs within the same credential
Option B: Cloud Secret Reference
Use this option to reference a secret stored in your cloud provider’s secret manager.
AWS Secrets Manager
- Select the Region where the secret resides
- Enter the Secret Name or ARN
- (Optional) Select a Version Stage (defaults to AWSCURRENT)
GCP Secret Manager
- Enter the Project ID
- Enter the Secret Name
- (Optional) Enter the Version (defaults to latest)
Azure Key Vault
- Enter the Vault URL (e.g., https://my-vault.vault.azure.net)
- Enter the Secret Name
- (Optional) Enter the Version
Step 4: Validate (Required for Cloud Types)
If you selected a Cloud Secret Reference, validation is required before saving:
- Click the Validate button
- Syntasa will attempt to connect using the platform’s IAM identity
Validation Outcomes:
- Success
  - A green checkmark appears
  - Syntasa displays Discovered Keys as tags
- Failure
  - An error message appears (e.g., Access Denied or Secret Not Found)
  - Ensure your platform IAM roles have the correct permissions
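A Secret Not Found result often comes from a malformed reference rather than missing permissions. The following is an added example, not Syntasa or syn_utils code: a local pre-check of the Option B fields that can be run before clicking Validate. The function names are hypothetical, the patterns assume each provider's public naming rules (Azure public-cloud suffix only), and the sample ARN is constructed.

```python
import re
from urllib.parse import urlparse

# Hypothetical pre-check helpers; not part of Syntasa or syn_utils.
AWS_ARN = re.compile(r"arn:aws[a-z-]*:secretsmanager:([a-z0-9-]+):\d{12}:secret:.+")
AWS_NAME = re.compile(r"[A-Za-z0-9/_+=.@-]{1,512}")
GCP_PROJECT = re.compile(r"[a-z][a-z0-9-]{4,28}[a-z0-9]")
GCP_SECRET = re.compile(r"[A-Za-z0-9_-]{1,255}")
AZURE_NAME = re.compile(r"[A-Za-z0-9-]{1,127}")

def check_aws(region, name_or_arn):
    """Problems with an AWS Secrets Manager reference (region + name or ARN)."""
    if name_or_arn.startswith("arn:"):
        m = AWS_ARN.fullmatch(name_or_arn)
        if not m:
            return ["not a Secrets Manager secret ARN"]
        if m.group(1) != region:  # the ARN pins a region; the form must agree
            return [f"ARN region {m.group(1)} != selected region {region}"]
        return []
    return [] if AWS_NAME.fullmatch(name_or_arn) else ["invalid secret name"]

def check_gcp(project_id, secret_name):
    """Problems with a GCP Secret Manager reference (project ID + secret name)."""
    problems = []
    if not GCP_PROJECT.fullmatch(project_id):
        problems.append("invalid project ID")
    if not GCP_SECRET.fullmatch(secret_name):
        problems.append("invalid secret name")
    return problems

def check_azure(vault_url, secret_name):
    """Problems with an Azure Key Vault reference (public-cloud suffix assumed)."""
    problems = []
    u = urlparse(vault_url)
    if u.scheme != "https":
        problems.append("vault URL must use https")
    if not (u.hostname or "").endswith(".vault.azure.net"):
        problems.append("host is not *.vault.azure.net")
    if u.path.strip("/") or u.query:
        problems.append("vault URL should not include a path")
    if not AZURE_NAME.fullmatch(secret_name):
        problems.append("invalid secret name")
    return problems

if __name__ == "__main__":
    # Constructed sample: the ARN lives in us-east-1 but eu-west-1 was selected.
    arn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:marketing/api-AbCdEf"
    print(check_aws("eu-west-1", arn))
```

An empty list means the fields are well-formed; it does not confirm that the secret exists or that the platform's IAM identity can read it, which is what the Validate button checks.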
Step 5: Configure Sharing
Control who can access the credential:
- Private: Only you (the owner) can view and use the credential
- Public: All users in the Syntasa environment can use the credential in their processes or notebooks
- Groups: Grant access to specific user groups
Note: Only the owner can edit values or delete the credential, regardless of sharing settings.
Step 6: Save
Once all required fields are completed and validation (if applicable) is successful:
- Click Save
- The credential will appear in the list and is ready for use
Next Steps: Using Your Credential
After creating a credential, you can securely access it within a Syntasa Notebook using the syn_utils library:
```python
from syn_utils import CredentialStore

# Access the store
store = CredentialStore()

# Retrieve a specific key from your new credential
# This returns a SecretString that masks the value in notebook outputs
my_secret = store.get("Marketing_API_Key", "api_key")

# Use the value in your logic
print(f"Using key: {my_secret}")  # Prints: Using key: **********
```

This approach ensures that sensitive values remain protected while still being easily accessible for your workflows.