All Products
Document Center

Realtime Compute for Apache Flink:Manage keys

Last Updated:Aug 02, 2023

You can configure a key to avoid security risks that are caused by plaintext AccessKey pairs in DDL statements. This topic describes how to configure and reference a key.


Your account has permissions of the editor role for key management. For more information about how to grant permissions to an Alibaba Cloud account or a RAM user, see Grant permissions to an account.


  • You can only add and delete keys. You cannot view or change the values of keys.

  • You can reference keys only in the WITH clause of the CREATE TEMPORARY TABLE statement. If you reference keys in the WITH clause of the CREATE TABLE statement, the table that you create cannot be used.


If you delete an existing key, the SQL draft that you develop may fail to be published or you need to republish the deployment for the draft. Proceed with caution. A published draft is not affected if you delete an existing key.

Add a key

  1. Log on to the Realtime Compute for Apache Flink console. On the Fully Managed Flink tab, find the workspace that you want to manage and click Console in the Actions column.

  2. In the left-side navigation pane, click Security. On the Security page, click the Secret Values tab.

  3. On the Secret Values tab, click Add Secret Value. In the Add Secret Value dialog box, configure the Secret Name and Secret Value parameters.


    The value of the Secret Value parameter is case-sensitive.

  4. Click OK.

Reference a key

After you add a key, you can reference the key in the SQL editor of a draft.

  1. In the left-side navigation pane, click SQL Editor.

  2. In the Drafts pane of the SQL Editor page, double-click the desired draft. Then, write code in the SQL editor of the draft to reference the key.

    To reference a key, write code in the ${secret_values.Key name format. Sample code:

    CREATE TEMPORARY table datahub_source(
      name VARCHAR
    ) WITH (
      'connector' = 'datagen'
    CREATE TEMPORARY table datahub_sink(
      name  VARCHAR  
    ) WITH (
    INSERT INTO datahub_sink
    from datahub_source;