Cloudera Data Engineering CLI authentication

The CLI client automatically obtains the necessary authentication tokens to interact with virtual clusters. When the CLI requires a new token for a virtual cluster, you are prompted for the passowrd for theworkload user, identified by the --user flag or CDE_USER environment variable.

The workload password, for both human and machine users, can be set using the CDP User Management console. For more information, see CDP workload user.

By default, the CLI prompts to standard input for the password, but for automation use cases, you can provide a password file, identified by the --auth-pass-file flag or the CDE_AUTH_PASS_FILE environment variable.

The CLI uses the provided password to obtain an authentication token for the specified user, and caches it locally in a file on the machine where the CLI is running. You can disable caching of tokens entirely with the --auth-no-cache flag or the CDE_AUTH_NO_CACHE environment variable.

The cache file location is automatically determined based on the default system user cache:

  • Linux: $HOME/.cache/cloudera/cde or $XDG_CACHE_HOME/cloudera/cde/
  • macOS: $HOME/Library/Caches/cloudera/cde/
  • Windows: %LocalAppData%\cloudera\cde\

If you want to use a custom location, specify it with the --auth-cache-file flag or the CDE_AUTH_CACHE_FILE environment variable. You can use the special string $USERCACHE, which is expanded according to the default system user cache (as listed above, without the /cloudera/cde/ suffix).