Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Managing Passwords In Sqoop

avatar
author-rank SK1
Guru

Created on ‎03-04-2016 07:33 AM - edited ‎09-16-2022 03:07 AM

long time waited thing is done and I am very happy to see that we have a got a way to secure and encrypt password in sqoop.

"As of Sqoop 1.4.5, Sqoop supports the use of JAVA Key Store to store passwords, so that you do not need to store passwords in clear text in a file."

root@m1 ~]# hadoop credential create mydb.password.alias -provider jceks://hdfs/user/root/mysql.password.jceks

Enter password:

Enter password again:

mydb.password.alias has been successfully created.

org.apache.hadoop.security.alias.JavaKeyStoreProvider has been updated.

But I have few questions.

1. Where is mydb.password.alias file saved in local machine or hdfs?

2. When we schedule sqoop jobs in oozie or falcon or cron then do we need to create key for that user's home dir whoever is running jobs.

3. Can we see content of mydb.password.alias file ?

5,040 Views
1 ACCEPTED SOLUTION

avatar
author-rank shishir_saxena4
Guru

Created ‎03-04-2016 06:21 PM

@Saurabh Kumar Password is stored in HDFS at location jceks://hdfs/user/<user>/mydb.password.jceks

See http://www.ericlin.me/securely-managing-passwords-in-sqoop

I have not tried 2, but you should grant read access to this file for other user.

View solution in original post

2,064 Views
2 REPLIES 2

avatar
author-rank shishir_saxena4
Guru

Created ‎03-04-2016 06:21 PM

@Saurabh Kumar Password is stored in HDFS at location jceks://hdfs/user/<user>/mydb.password.jceks

See http://www.ericlin.me/securely-managing-passwords-in-sqoop

I have not tried 2, but you should grant read access to this file for other user.

2,065 Views

avatar
author-rank SK1
Guru

Created ‎03-04-2016 07:10 PM

@Shishir Saxena: Thanks for reply.

Actually when I tried above location then it failed like below as expected.

root@m1 ~]# hadoop fs -ls jceks://hdfs/user/

ls: No FileSystem for scheme: jceks

But when I did ls to my user inside hdfs then it listed out that file.

[root@m1 ~]# hadoop fs -ls /user/root/

Found 6 items

drwxr-xr-x - root hdfs 0 2016-01-25 23:30 /user/root/.hiveJars

drwx------ - root hdfs 0 2016-02-29 04:31 /user/root/.staging

drwxr-xr-x - root hdfs 0 2016-02-24 18:16 /user/root/OozieTest

-rwxr-xr-x 3 root hdfs 1484 2016-02-03 21:19 /user/root/Output.json

-rwx------ 3 root hdfs 504 2016-03-02 04:14 /user/root/mysql.password.jceks

[root@m1 ~]# hadoop fs -cat /user/root/mysql.password.jceks

encodedParamst[B[encryptedContentq~Lsun.paramsAlgtLjava/lang/String;LsealAlgq~xpur[B??T?xp0xrjavax.crypto.SealedObject>6=?÷Tp[

_ܬ??uq~?"?5?????-?y?L;XF6??zQ

!z???????"???>I?cU?ɾ!

So It gave my question's answer. Thanks once again.

2,064 Views
Announcements
What's New @ Cloudera
Cloudera DataFlow 2.9 now supports building GenAI pipelines ...
What's New @ Cloudera
Accelerate Data Scientist Productivity with Cloudera Copilot...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
View More Announcements