Credentials

There are two types of credentials that InfinStor provides Data Scientists

  • S3Proxy Access
  • MLflow CLI Access

S3 Proxy Access

If InfinStor Storage capabilities, i.e. InfinSnap and InfinSlice are enabled, Data Scientists can use the InfinStor supplied S3Proxy Access Key Id and Secret Access Key to access S3Proxy

The access key id and the secret access key must be placed in the user's ~/.aws/credentials file, possibly in a section named infinstor. Here is an example:

[infinstor]
aws_access_key_id = AKIIAFJFOISNF5FALFEU
aws_secret_access_key = sdfjk53t89skgkjngfjknsgui589gkjnsdng

Thereafter users can access InfinSnap and InfinSnap using the profile infinstor. Here is an example using the aws cli

$ aws s3 --profile infinstor --endpoint https://s3proxy.infinstor.com/ ls s3://infinsnap-test-bucket/testdir/

MLflow CLI Access

InfinStor MLflow CLI Authentication uses standard oauth2 tokens.

Create and Download Token File

Pressing the 'Create Token File' button causes a new tab to be opened, and the user will flow through the InfinStor main service' cognito authetication. In the case of Enterprise Licenses, users will have to complete the authentication system configured for that particular Enterprise.

Use Token File for authenticating CLI programs

Once authentication is complete, the browser will download a file named token. This token file must be placed in a sub-directory called .infinstor in the user's home directory.

$ mkdir -p ~/.infinstor
$ cp ~/Downloads/token ~/.infinstor
$ export MLFLOW_TRACKING_URI=infinstor://mlflow.infinstor.com/
$ mlflow experiments list

Revoke Compromised Token

If the token file is compromised, e.g. it has been obtained by some malicious party, the user may revoke access using the 'Revoke Access Token' button. After revocation, access will be denied to programs that use that specific token for authentictsion.

A new token will be issued if the user presses 'Create Access Token' after this.