Before you use Tablestore SDK for Node.js to initiate a request to access Tablestore, you must configure access credentials. Alibaba Cloud services use access credentials to verify identity information and access permissions. You can configure different types of access credentials based on the requirements for authentication and authorization in your business scenarios.
Prerequisites
Tablestore SDK for Node.js is installed. For more information, see Install Tablestore SDK for Node.js.
Access credentials
Access credential types
Temporary access credentials: For scenarios that require high security, we recommend that you use temporary access credentials. Temporary access credentials are valid only within a specific period of time, which helps prevent credential leaks. Temporary access credentials also support fine-grained access control, which prevents security risks caused by excessive permissions.
Long-term access credentials: To ensure security, we recommend that you do not use long-term access credentials. For scenarios that require convenience, long-term access credentials eliminate the need for multiple refreshes within an extended period of time.
Important: We recommend that you change your long-term access credentials every three months to ensure the security of your Alibaba Cloud account.
If long-term access credentials are leaked or no longer used, you can delete or disable the long-term access credentials to reduce security risks.
Temporary access credentials
To temporarily access Tablestore by using Tablestore SDK for Node.js, you must obtain temporary access credentials from Security Token Service (STS). When you access Tablestore by using temporary access credentials, the AccessKey pair of your RAM user is not exposed, which improves access security.
Create a RAM user. For information about how to create a RAM user, see Create a RAM user.
Attach the AliyunSTSAssumeRoleAccess policy to the RAM user. For more information, see Grant the RAM user the permissions to call the AssumeRole operation.
Create a RAM role and attach a custom policy to the RAM role. For more information, see Create a RAM role and Grant Tablestore read-only access to the RAM role.
Use the RAM user to call the AssumeRole operation to obtain temporary access credentials. For more information, see Use the RAM user to assume the RAM role to obtain temporary access credentials.
Configure environment variables for the temporary access credentials.
Use the temporary access credentials to specify environment variables.
Mac OS X/Linux/Unix
export OTS_AK_ENV=<OTS_AK_ENV>
export OTS_SK_ENV=<OTS_SK_ENV>
export OTS_SESSION_TOKEN=<OTS_SESSION_TOKEN>
Windows
Run the command prompt as an administrator and execute the following commands:
setx OTS_AK_ENV <OTS_AK_ENV> /m
setx OTS_SK_ENV <OTS_SK_ENV> /m
setx OTS_SESSION_TOKEN <OTS_SESSION_TOKEN> /m
Note: After you configure the environment variables, you may need to restart the relevant services or development tools, such as your integrated development environment (IDE), to ensure that the new settings are applied as expected.
Pass credential information by using environment variables.
var accessKeyId = process.env.OTS_AK_ENV;
var secretAccessKey = process.env.OTS_SK_ENV;
var stsToken = process.env.OTS_SESSION_TOKEN;
Long-term access credentials
If your application is deployed in a secure and stable environment that is not vulnerable to external attacks and requires long-term access to Tablestore by using Tablestore SDK for Node.js, you can use an AccessKey pair of your Alibaba Cloud account or a RAM user to access Tablestore. For information about how to obtain an AccessKey pair, see Use AccessKey pairs of RAM users to initiate requests.
An Alibaba Cloud account has full access to all resources of the account. Leaks of the Alibaba Cloud account AccessKey pair pose critical threats to the system. Therefore, we recommend that you use the AccessKey pair of a RAM user that is granted the minimum required permissions to access Tablestore.
Use the AccessKey pair to specify environment variables.
Mac OS X/Linux/Unix
export OTS_AK_ENV=<OTS_AK_ENV>
export OTS_SK_ENV=<OTS_SK_ENV>
Windows
Run the command prompt as an administrator and execute the following commands:
setx OTS_AK_ENV <OTS_AK_ENV> /m
setx OTS_SK_ENV <OTS_SK_ENV> /m
Note: After you configure the environment variables, you may need to restart the relevant services or development tools, such as your IDE, to ensure that the new settings are applied as expected.
Pass credential information by using environment variables.
var accessKeyId = process.env.OTS_AK_ENV;
var secretAccessKey = process.env.OTS_SK_ENV;
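The following added example (not part of the original documentation or the SDK) covers both the temporary and long-term cases above: it reads the three environment variables, fails closed on missing or unreplaced placeholder values, and produces a log line that never contains the secret or token. The helper names loadOtsCredentials and describeCredentials are hypothetical, and the check that STS-issued AccessKey IDs begin with "STS." is an assumption.

```javascript
// Added example: fail-closed loader for the environment variables named on this page.
// loadOtsCredentials and describeCredentials are hypothetical helper names.
const PLACEHOLDER = /^<.*>$/; // e.g. the literal "<OTS_AK_ENV>" left unreplaced

function readVar(env, name, required) {
  const raw = env[name];
  if (raw === undefined || raw === '') {
    if (required) throw new Error(`${name} is not set`);
    return undefined;
  }
  if (raw !== raw.trim()) throw new Error(`${name} has leading or trailing whitespace`);
  if (PLACEHOLDER.test(raw)) throw new Error(`${name} still holds a placeholder value`);
  return raw;
}

function loadOtsCredentials(env = process.env) {
  const accessKeyId = readVar(env, 'OTS_AK_ENV', true);
  const secretAccessKey = readVar(env, 'OTS_SK_ENV', true);
  const stsToken = readVar(env, 'OTS_SESSION_TOKEN', false);
  // Assumption: AccessKey IDs issued by STS start with "STS."; such an ID
  // without its session token cannot authenticate, so reject it early.
  if (accessKeyId.startsWith('STS.') && !stsToken) {
    throw new Error('temporary AccessKey ID found but OTS_SESSION_TOKEN is not set');
  }
  const creds = { accessKeyId, secretAccessKey };
  if (stsToken) creds.stsToken = stsToken;
  return creds;
}

// Log-safe summary: never prints the secret or the token.
function describeCredentials(creds) {
  const type = creds.stsToken ? 'temporary' : 'long-term';
  return `${type} credentials, AccessKey ID ${creds.accessKeyId.slice(0, 4)}****`;
}

// Constructed sample values, not real credentials.
const sample = {
  OTS_AK_ENV: 'STS.exampleKeyId',
  OTS_SK_ENV: 'exampleSecret',
  OTS_SESSION_TOKEN: 'exampleToken',
};
console.log(describeCredentials(loadOtsCredentials(sample)));
```

In an application, call loadOtsCredentials() with no argument at startup so that it reads process.env and stops the process before any request is signed with incomplete credentials.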
What to do next
After you initialize a credential provider, you must use the credential provider to create an OTSClient instance. For more information, see Initialize an OTSClient instance.