I am currently working on setting up a Weaviate Vector DB in our development environment. As part of this setup, I need to configure login credentials to ensure secure access to the database. In our current setup, we use a username and password for logging into our Oracle database, and we store these credentials securely in AWS Secrets Manager.
I am looking for guidance on how to implement a similar setup for Weaviate. Here are a few specific questions I have:
Configuration Files: Which configuration files need to be modified to set up login credentials for Weaviate? Are there any specific parameters that need to be added or updated?
Environment Variables: Is it possible to use environment variables for storing login credentials? If so, what is the recommended way to configure these variables in Weaviate?
AWS Secrets Manager Integration: Can Weaviate integrate with AWS Secrets Manager for storing and retrieving login credentials? If yes, what are the steps to configure this integration?
Authentication Methods: What authentication methods are supported by Weaviate for securing access to the vector database? Are there any preferred methods for a development environment?
Security Best Practices: Are there any security best practices or recommendations for managing and securing login credentials in a development environment, especially when using cloud services like AWS?
Common Pitfalls: What are some common pitfalls or issues that developers might encounter when setting up login credentials for Weaviate, and how can they be avoided?
Any detailed guidance, examples, or references to documentation would be greatly appreciated. Thank you in advance for your assistance!
There are 2 areas you are going to want to potentially explore depending on how you are installing your Weaviate Instance:
If you are using Docker, you will want to reference our documentation here:Authentication | Weaviate
If you are using Kubernetes you will want to reference our documentation here: Kubernetes | Weaviate
These both go over setting up the authentication which does utilizing env variable in either your docker compose or values.yaml file.
You can integrate with AWS Secretes manager by setting the env variables in your docker compose or your values file, then configure the module accordingly. We do have that documented here: Text Embeddings | Weaviate
The methods we offer are API-key or OIDC authentication which is gone over in the above docs!
As far as best practices, I would ensure you are utilizing your Read-only keys for any client that is only performing read operations on your objects and that you utilize ENV variables when possible.
Common pitfalls I’ve seen are users using an admin key for CRUD operations, and not Cycling the API keys when users should no longer have access to them.
Hi @Joe,
If I want to use API key based authentication, can i use it if I am connecting to weaviate locally.
client = weaviate.connect_to_local()
where i am not using any weaviate url, username or password.
How we can secure weaviate db when we are connecting using docker locally.
This means that while using connect_to_local, you can overwrite some of it’s parameters.
For example, this is how you can connect to a custom Weaviate cluster:
client = weaviate.connect_to_custom(
http_host=http_host, # Hostname for the HTTP API connection
http_port=443, # Default is 80, WCD uses 443
http_secure=True, # Whether to use https (secure) for the HTTP API connection
grpc_host=grpc_host, # Hostname for the gRPC API connection
grpc_port=443, # Default is 50051, WCD uses 443
grpc_secure=True, # Whether to use a secure channel for the gRPC API connection
auth_credentials=Auth.api_key(weaviate_api_key), # API key for authentication
)
So in your case, you can just pass auth_credentials to your client instantiation:
If I have multiple users (e.g., user1 and user2), each with a separate API key, does Weaviate ensure that user1 can access only their own data, or will they have access to data from user2 as well?
If this setup does not enforce access control at the data level, what would be the recommended approach to ensure that each user can only access and manage their own data in Weaviate?
Any guidance on this would be greatly appreciated!