SQL Client security

Learn about the needed security parameters for Flink SQL Client.


In Kerberos protected environments, you must use kinit <principal> before launching the flink-sql-client. The CLI does not support keytab based Kerberos authentication yet.


YARN sessions that flink-sql-client is connected to should be started with Kerberos keytab and principal properties:
flink-yarn-session -tm 2096 -s 2 -d -nm "<application_name>" \
-D security.kerberos.login.principal=<username> \
-D security.kerberos.login.keytab=<keytab_name>