Data sources
Where this tenant's raw data comes from. Configure connections, ingest feeds (SFTP folders, email drops), and toggle sources on or off.
Veeva connection
Vault Direct Data API. Powers calls + accounts + users ingestion. No Veeva connection configured for this tenant — add the metadata below, then set the actual password as a Fabric pipeline parameter.
SFTP connection
Master SFTP credentials for all SFTP feeds below. No connection configured for this tenant — add the metadata, then set the actual SSH key as a Fabric pipeline parameter.
SFTP feeds
Each feed = a folder under Files/sftp/<tenant_slug>/<feed_name>/. New files dropped there get ingested by sftp_ingest on the next pipeline run.
| Feed name | Type | Silver target | Notes | Status | Actions |
|---|---|---|---|---|---|
| acme_867 | Incremental | sale | Helios distribution 867 (units shipped) | ||
| acme_call | Full snapshot | call | Field call extract from Helios CRM |
Email drops
Lower-volume CSVs delivered as email attachments. Each drop matches a specific sender + subject pattern; matched messages have their attachment ingested into bronze_<tenant_slug>.email_<feed_name>.
INBOUND_EMAIL_DOMAINenv var not set — the receiving address admins should give to vendors won't show here until configured. See docs/architecture/inbound-email.md.| Feed name | Sender | Subject pattern | Status | Mapping | Actions |
|---|---|---|---|---|---|
| weekly_call_extract | fieldops@helios-demo.com | Weekly Call Extract% | → silver.call |
How to rotate Veeva or SFTP credentials today
Connection passwords + SSH keys are stored as Fabric pipeline parameters (not in Postgres or this app). The columns shown above end in _secret_uri — those are reference labels only; the real secret is set on the Fabric pipeline that runs the ingest notebooks. To rotate:
- Update the credential at the source (Veeva account password or SFTP key file).
- Open the Fabric workspace → Data Pipelines →
incremental_refresh(or equivalent orchestrator) → Parameters → updateVEEVA_PASSWORD/SFTP_KEY. - Trigger a one-off pipeline run from /admin/pipelines to confirm the new credential authenticates.
Coming in Phase 2: Azure Key Vault integration will move credential rotation into this UI — admins will be able to enter the new value here and the system will write to KV + reload the pipeline parameter automatically. Tracked in the deferred secret-management roadmap.