question Can "javax.jdo.option.ConnectionPassword" be encrypted ? in Archives of Support Questions (Read Only)

Can "javax.jdo.option.ConnectionPassword" be encrypted ?

joda — Mon, 25 Jan 2016 18:23:07 GMT

Hive users can read the hive-site.xml and javax.jdo.option.ConnectionPassword because the password is stored in plane text.

Can I make it encrypted ?

Re: Can "javax.jdo.option.ConnectionPassword" be encrypted ?

nsabharwal — Mon, 19 Aug 2019 11:27:26 GMT

I am using Ambari 2.2

Re: Can "javax.jdo.option.ConnectionPassword" be encrypted ?

nsabharwal — Mon, 25 Jan 2016 19:24:25 GMT

@Junichi Oda

Re: Can "javax.jdo.option.ConnectionPassword" be encrypted ?

joda — Tue, 26 Jan 2016 00:35:28 GMT

@Neeraj Sabharwal

Thank you for your prompt reply.

I alse see that the password is encrypted on Ambari.

On the hive-site.xml in the hive metastore server(/etc/hive/conf/conf.server/hive-site.xml), I can find the password for "javax.jdo.option.ConnectionPassword" that is plane text.

Re: Can "javax.jdo.option.ConnectionPassword" be encrypted ?

nsabharwal — Tue, 26 Jan 2016 00:39:45 GMT

@Junichi Oda

Removing Hive Metastore Password from Hive Configuration

Support for this was added in Hive 0.14.0 with HIVE-7634 and HADOOP-10904. By setting up a CredentialProvider to handle storing/retrieval of passwords, you can remove the need to keep the Hive metastore password in cleartext in the Hive configuration.

https://cwiki.apache.org/confluence/display/Hive/AdminManual+Configuration

Re: Can "javax.jdo.option.ConnectionPassword" be encrypted ?

joda — Tue, 26 Jan 2016 01:10:47 GMT

Thank you for the reference. I will try to do it.

Thanks a lot!!

Re: Can "javax.jdo.option.ConnectionPassword" be encrypted ?

nsabharwal — Tue, 26 Jan 2016 01:17:28 GMT

@Junichi Oda I have never tried it but looks like its going to work 😉 ..Keep us posted on the final results and do accept the best answer to close the thread whenever you are ready

Re: Can "javax.jdo.option.ConnectionPassword" be encrypted ?

nsabharwal — Tue, 26 Jan 2016 02:44:15 GMT

@Junichi Oda If you are using ambari then you will end up hitting an issue on removing "Remove the Hive Metastore password entry (javax.jdo.option.ConnectionPassword) from the Hive configuration"

I am working on finding the option to make it work.

Re: Can "javax.jdo.option.ConnectionPassword" be encrypted ?

joda — Wed, 27 Jan 2016 08:34:39 GMT

@Neeraj Sabharwal

Thank you for your kindness. I'm sorry for the delay in responding.

As you pointed out, I couldn't work "Remove the Hive Metastore password entry from the Hive configuration" with the Ambari.

When the Hive restarts with the Ambari, the hive-site.xml will be removed.

Re: Can "javax.jdo.option.ConnectionPassword" be encrypted ?

nsabharwal — Wed, 27 Jan 2016 08:37:29 GMT

@Junichi Oda

It won't work in this ambari release. Future release, yes

Re: Can "javax.jdo.option.ConnectionPassword" be encrypted ?

joda — Wed, 27 Jan 2016 09:01:39 GMT

@Neeraj Sabharwal

I'm looking forward to that version 🙂

Re: Can "javax.jdo.option.ConnectionPassword" be encrypted ?

nsabharwal — Wed, 27 Jan 2016 09:05:17 GMT

@Junichi Oda we gathered really good details in this thread. You can close this thread by accepting the best answer and let's keep eye on future release notes 😉

Re: Can "javax.jdo.option.ConnectionPassword" be encrypted ?

nsabharwal — Wed, 27 Jan 2016 09:05:20 GMT

@Junichi Oda we gathered really good details in this thread. You can close this thread by accepting the best answer and let's keep eye on future release notes 😉