Security
Environmental Variables
| Component | Variable Name | Default | Description |
|---|---|---|---|
| PostgreSQL | POSTGRES_USER | admin | Username for PostgreSQL database. |
| POSTGRES_PASSWORD | admin | Password for PostgreSQL database. | |
| POSTGRES_ENCRYPTION_KEY | your-encryption-key | Encryption key for securing sensitive data in PostgreSQL. | |
| PgAdmin4 | PGADMIN_DEFAULT_EMAIL | admin@admin.com | Default email for logging into PgAdmin4. |
| PGADMIN_DEFAULT_PASSWORD | admin | Default password for logging into PgAdmin4. | |
| JupyterLab | JUPYTER_LAB_TOKEN | my-token | Token for authenticating access to JupyterLab. |
| Plaid API | PLAID_CLIENT_ID | clientid | Client ID provided by Plaid for API access. |
| PLAID_SECRET | secret | Secret key provided by Plaid for API access. | |
| PLAID_ENV | sandbox | Environment for Plaid API (use ‘sandbox’ for testing or ‘production’ for real data). | |
| PLAID_PRODUCTS | transactions | List of Plaid products to be used, such as ‘auth’ and ‘transactions’. | |
| PLAID_COUNTRY_CODES | US,CA | List of country codes to support for Plaid integration. | |
| PLAID_REDIRECT_URI | Redirect URI for handling Plaid API responses (optional). |
Querying APIs
APIs calls are made over HTTPs using standard python requests library to Plaid (see Official Plaid Documentation)
These calls are facilitated through Core APIs (Authentication)
Token Storage
Intermediary link tokens are kept in python kernel memory. These get destroyed when you restart the kernel.
Public Access tokens (which grant access to query your accounts) are encrypted at rest using PostgreSQL’s pgcrypto functions against the POSTGRES_ENCRYPTION_KEY set at Docker build time.