Securing HuePDF version

Securing Hue passwords with scripts

You can secure passwords in Hue by using one consolidated script, or multiple individual scripts. Hue runs each password script at startup and extracts passwords from stdout.

Store scripts in a directory that only Hue can read, write, and execute. You can choose password script names but you cannot change hue.ini property names to which you assign those scripts. Add the suffix _script to any password property and set it equal to the script name.

  1. At the command line, create one or more password scripts. For example, create a consolidated script named my_passwords_script.sh:
    #!/bin/bash
    
    SERVICE=$1
    
    if [[ ${SERVICE} == "ldap_password" ]]
    then
     echo "<your_ldap_password>"
    fi
    
    if [[ ${SERVICE} == "ssl_password" ]]
    then
     echo "<your_ssl_password>"
    fi
    
    if [[ ${SERVICE} == "bind_password" ]]
    then
     echo "<your_bind_password>"
    fi
    
    if [[ ${SERVICE} == "db_password" ]]
    then
     echo "<your_database_password>"
    fi
  2. Log on to Cloudera Manager and go to Hue > Configuration.
  3. Search on ​Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini.
  4. Add script properties. In the following example, the required _script is added to the password property:
    [desktop]
    ldap_username=hueservice
    ldap_password_script="/var/lib/hue/password_script.sh ldap_password"
    ssl_password_script="/var/lib/hue/password_script.sh ssl_password"
    
    [[ldap]]
    bind_password_script="/var/lib/hue/password_script.sh bind_password"
    
    [[database]]
    db_password_script="/var/lib/hue/password_script.sh db_password"
  5. Click Save Changes and Restart Hue.