Access Sensitive Information in Standalone Application

Since R2024a

This example shows you how to create an application that retrieves stored secret values to access an SFTP server.

You can avoid exposing sensitive information, such as passwords, in your application code by storing secrets in your MATLAB^® vault. For more information on using secrets in deployment, see Handle Sensitive Information in Deployed Applications.

Store SFTP Credentials in Local MATLAB Vault

At the MATLAB command prompt, store your SFTP server credentials in your local MATLAB vault by calling the setSecret function with the name of your secret. The secret name is a unique case-sensitive text identifier for the secret, which is stored unencrypted in your vault as a string scalar.

Store the username using setSecret.
```
setSecret("myUser")
```
Use the Secret Prompt dialog box to set your username secret value and add the secret to your MATLAB vault. Toggle the eye icon in the text box to hide or show the characters in the field.
Store the password using setSecret.
```
setSecret("myPassword")
```
Use the dialog box to set your password secret value.

Specify Secrets in Secret Manifest JSON File

In your working folder, create a secrets manifest file named secrets_manifest.json that specifies which secrets in the MATLAB vault to embed in the deployable archive. For this example, embed the secrets named myUser and myPassword.

{
     "Embedded": {
       "description": "All secret names specified in this section will be put into the deployed CTF.",
       "secret": ["myUser", "myPassword"]
     }
}

Write MATLAB Code to Deploy

Write MATLAB code to package into a standalone application.

Save the following MATLAB code as secretapp.m. Replace the SFTP server sftp.example.net with your SFTP server hostname.

s = sftp("sftp.example.net",getSecret("myUser"),Password=getSecret("myPassword"))
close(s)

The code uses the getSecret function to retrieve your username and password from the vault. It connects to the SFTP server by calling the sftp function, which creates an SFTP connection object. After displaying information about the server connection, the connection is closed.

Create Standalone Application Using `mcc`

Package the code into a standalone application using mcc. Use the mcc -J option to specify the JSON secret manifest file.

mcc -m secretapp.m -J secrets_manifest.json

mcc generates a standalone application named secretapp in your working directory. The file extension depends on the platform used to generate the application.

Note

The generated standalone executable does not include MATLAB Runtime or an installer. To create an installer that installs the application and MATLAB Runtime, use the compiler.package.installer function.

Run Application

You can test the application in MATLAB using the system command syntax.

!secretapp

  SFTP with properties:

                         Host: "sftp.example.net"
                     Username: "mluser"
                         Port: 22
                 ServerSystem: "Windows"
                 DatetimeType: "datetime"
                 ServerLocale: "en_US"
                 DirParserFcn: @matlab.io.ftp.parseDirListingForWindows
       RemoteWorkingDirectory: "/home/mluser"

If you want to run the application on another machine, you must install MATLAB Runtime at the same update level or newer. For more information, see Download and Install MATLAB Runtime.

Note

To run the application without using the generated shell script on Linux^® and macOS, you must first add MATLAB Runtime to the library path. For details, see Set MATLAB Runtime Path for Deployment.