Secure options to provide Hive password during a Sqoop import

Learn about the secure options that you can use to provide the Hive password during Sqoop-Hive imports instead of the earlier way of providing the password as plaintext in the command-line interface.

When you import data into Hive using Sqoop and LDAP authentication is enabled for Hive, setting the Hive password parameter directly on the command line poses a potential vulnerability. Passwords provided in plaintext within command-line interfaces are susceptible to unauthorized access or interception, compromising sensitive credentials and, subsequently, the security of the entire data transfer process.

The following Sqoop arguments allow you to provide the Hive password in a secure way in your Sqoop import command during the Sqoop-Hive import process:

| Sqoop argument | Description |
|---|---|
| -promptHivePassword | Prompts the user to enter the Hive password |
| --hive-password-file <***FILE PATH***> | Stores the Hive password in a file and uses it during the import |
| --hive-password-alias <***ALIAS NAME***> | Stores the Hive password in a Credential Provider facility with an alias associated with the actual value in the credential storage |
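
The following is an added example, not code from this page or from the Sqoop project, showing one way to create and vet a password file before passing it to --hive-password-file. It assumes the file is on the local filesystem and that its content is used verbatim (so a trailing newline would become part of the password); the JDBC URL, user name, table and database password path are hypothetical placeholders.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Assumptions: the password file is
# local and its content is used verbatim, so a trailing newline would corrupt it.

# Read one line from stdin and store it in FILE, readable by the owner only.
write_hive_password_file() {
  local file=$1 password
  if [ -t 0 ]; then
    IFS= read -rs -p 'Hive password: ' password; echo >&2
  else
    IFS= read -r password
  fi
  ( umask 077 && printf '%s' "$password" > "$file" ) && chmod 400 "$file"
}

# Succeed only if FILE is a regular, non-empty file with no group/other
# permission bits and no trailing newline.
check_hive_password_file() {
  local file=$1
  if [ ! -f "$file" ] || [ -L "$file" ]; then
    echo "not a regular file: $file" >&2; return 1
  fi
  [ -s "$file" ] || { echo "empty password file: $file" >&2; return 1; }
  if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
    echo "group/other permissions set on: $file" >&2; return 1
  fi
  # $(...) strips trailing newlines, so an empty result means the last byte is \n.
  [ -n "$(tail -c 1 "$file")" ] || { echo "trailing newline in: $file" >&2; return 1; }
}

# Run the import only after the file passes the checks. The JDBC URL, user,
# table and database password path are hypothetical placeholders.
run_hive_import() {
  local hive_pw_file=$1
  check_hive_password_file "$hive_pw_file" || return 1
  sqoop import \
    --connect 'jdbc:mysql://db.example.com/sales' \
    --username sqoop_user --password-file /user/sqoop/db.password \
    --table orders \
    --hive-import \
    --hive-password-file "$hive_pw_file"
}
```

Typing the password at the prompt of `write_hive_password_file` keeps it out of the shell history and the process list, and `run_hive_import` refuses to start Sqoop if the file is readable by other users.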

Along with securely providing the Hive password to Sqoop, it is essential that the password is safely persisted in the Hive metastore when saving a Sqoop job related to Hive.