Configure Zeppelin JDBC Password Security Using JCEKS
Apache Zeppelin supports JDBC intepreter passwords stored in JCEKS, to avoid specifying passwords in clear text. This feature prevents users from reading clear text passwords from the interpreter JSON file using the shell or other tools.
Use the following steps to configure Zeppelin JCEKS password security on an Ambari cluster.
Create a keystore file using the hadoop credential command line command, with hadoop commons in the classpath:
hadoop credential create jdbc.password -provider jceks://file/user/zeppelin/conf/zeppelin.jceks
In the Zeppelin UI, click the user settings menu at the top right, then select Interpreter. On the Interpreters page, set the following jdbc properties:
name value default.driver org.postgresql.Driver default.jceks.credentialKey jdbc.password default.jceks.file jceks://file/tmp/zeppelin.jceks default.url jdbc:postgresql://localhost:5432/ default.user rk-user