Help

Re: PowerBI Query PAT Exposed in Parameter - Security Risk

609 0
cancel
Showing results for 
Search instead for 
Did you mean: 
kimmer
4 - Data Explorer
4 - Data Explorer

This connector method exposed the PAT in cleartext. If I share the Excel spreadsheet, the user can discover my PAT and query other company tables. They would need to know different table and base IDs. If my computer storage gets compromised, the hacker will get access to this PAT. Is there a better way to authenticate than using a PAT as a parameter?

I do see a method in data source settings of query editor (PowerBI or Excel) called Web API but Airtable has deprecated its use.

https://support.airtable.com/docs/visualizing-airtable-records-in-microsoft-power-bi-power-query

2 Replies 2
secubic
4 - Data Explorer
4 - Data Explorer

Using PAT in plain text as connector part exposes some security risks so always try to avoid "raw text".


My idea  for your problem is to set  PAT in environment variables what will give you using it without embedding it directly in the code (WIN: "set AIRTABLE_PAT=your_pat_here" , LINUX: "export AIRTABLE_PAT=your_pat_here").
In similar case I used a secure cloud storage solution, but I do not remember what exactly (you can check one of: Azure Key Vault, AWS Secrets Manager or Google Cloud Secret Manager).

It is always worth to consider use of 2FA / OAuth2  implementation.

Oh... first thing first - if you use private DNS like PiHOLE check  Pi logs if endpoint isn't blocked by gravity.

GavinA
8 - Airtable Astronomer
8 - Airtable Astronomer

As an FYI, if you are importing Airtable to Excel and want an easy method which shields your data and does not expose PAT then here is our quick guide:

https://www.csvgetter.com/blog/export-airtable-to-excel