Securing the JDBC password
Learn how to secure the JDBC password that you provide while creating an external JDBC table.
dbcp.password table property stores the
JDBC password in clear text. To avoid the risk of a password leak, the SHOW CREATE TABLE
[***TABLE NAME***]> and DESCRIBE FORMATTED | EXTENDED [***TABLE
NAME***] statements mask the value of the dbcp.password table property
in their output.However, in production environments, it is recommended that you do not store
the JDBC password in clear text using the dbcp.password table property.
Instead, you can store the password in a Java Keystore file on HDFS or on cloud storage like
Amazon S3.
Run one of the following commands based on the type of storage
- Creating a Java keystore file on HDFS with the key as "host1.password" and password as
"passwd1"
hadoop credential create host1.password -provider jceks://hdfs/user/foo/test.jceks -v passwd1 - Creating a Java keystore file on Amazon S3 with the key as "impala" and password as
"passwd2"
hadoop credential create impala -provider jceks://s3a@dw-impala-test/jceks/demo.jceks -v passwd2
For more information, see the Apache Hadoop CredentialProvider API
Guide.
