You can secure passwords in Data Explorer by using one
consolidated script, or multiple individual scripts. Data Explorer runs
each password script at startup and extracts passwords from stdout.
Store scripts in a directory that only Data Explorer can read,
write, and execute. You can choose password script names but you cannot change
hue.ini property names to which you assign those scripts. Add the suffix
_script to any password property and set it equal to the script name.
-
At the command line, create one or more password scripts. For
example, create a consolidated script named
my_passwords_script.sh:
#!/bin/bash
SERVICE=$1
if [[ ${SERVICE} == "ldap_password" ]]
then
echo "<your_ldap_password>"
fi
if [[ ${SERVICE} == "ssl_password" ]]
then
echo "<your_ssl_password>"
fi
if [[ ${SERVICE} == "bind_password" ]]
then
echo "<your_bind_password>"
fi
if [[ ${SERVICE} == "db_password" ]]
then
echo "<your_database_password>"
fi
-
Log on to Cloudera Manager and go to .
-
Search on Hue Service Advanced Configuration Snippet
(Safety Valve) for hue_safety_valve.ini.
-
Add script properties. In the following example, the required
_script
is added to the password property:
[desktop]
ldap_username=hueservice
ldap_password_script="/var/lib/hue/password_script.sh ldap_password"
ssl_password_script="/var/lib/hue/password_script.sh ssl_password"
[[ldap]]
bind_password_script="/var/lib/hue/password_script.sh bind_password"
[[database]]
db_password_script="/var/lib/hue/password_script.sh db_password"
-
Click Save Changes and Restart
Hue.
