Cloudera Data Engineering CLI authentication

The Cloudera Data Engineering (CDE) CLI tool supports both interactive and transparent authentication. For interactive authentication, if you have configured the CLI with your workload username, you are prompted for a password. For transparent authentication, the CDE CLI supports a password file.

The CDE CLI provides the following mechanisms for authentication:

  • Interactive prompt for workload password
  • Workload password specified by CLI flag or environment variable

In all cases, the CLI uses the provided credentials to obtain an authentication token for the specified user, and caches it locally in a file on the machine where the CLI is running. You can disable caching of tokens entirely by using the --auth-no-cache CLI flag or the CDE_AUTH_NO_CACHE environment variable.

The cache file location is automatically determined based on the default system user cache:

  • Linux: $HOME/.cache/cloudera/cde or $XDG_CACHE_HOME/cloudera/cde/
  • macOS: $HOME/Library/Caches/cloudera/cde/
  • Windows: %LocalAppData%\cloudera\cde\

If you want to use a custom location, specify it with the --auth-cache-file flag or the CDE_AUTH_CACHE_FILE environment variable. You can use the special string $USERCACHE, which is expanded according to the default system user cache (as listed above, without the /cloudera/cde/ suffix).

Workload password prompt

When the CLI requires a new token for a virtual cluster, you are prompted for the password for the workload user, identified by the --user CLI flag or the CDE_USER environment variable.

The workload password, for both human and machine users, can be set using the CDP User Management console. For more information, see Managing user access and authorization.

Workload password file

If you do not want to be prompted for your workload password, you can provide a password file. A password file is a file containing your workload password, and nothing else.

You can specify the password file by using an environment variable or a command line flag as follows:

Environment variable
CDE_AUTH_PASS_FILE=</path/to/password/file>
Command line flag
--auth-pass-file </path/to/password/file>