...
In the environment where exposing trustStorePassword
and keyStorePassword
in the connection URL is a security concern, a new option storePasswordPath
is introduced with HIVE-27308 that can be used in URL instead of trustStorePassword
and keyStorePassword
. storePasswordPath
value hold the path to the local keystore file storing the trustStorePassword
and keyStorePassword
aliases. When the existing trustStorePassword
or keyStorePassword
is present in URL along with storePasswordPath
, respective password is directly obtained from password option. Otherwise, fetches the particular alias from local keystore file(i.e., Existing existing password options are preferred over storePasswordPath
).
...
A local keystore file can be created leveraging hadoop credential command with trustStorePassword
and keyStorePassword
aliases like below. And this file can be passed with storePasswordPath
option in the connection URL.
hadoop credential create trustStorePassword -value FDUxmzTxW15xWoaCk6GxLlaoHjnjV9H7iHqCIDxTwoq mytruststorepassword -provider localjceks://file/tmp/store/client_creds.jceks
hadoop credential create keyStorePassword -value FDUxmzTxW15xWoaCk6GxLlaoHjnjV9H7iHqCIDxTwoq mykeystorepassword -provider localjceks://file/tmp/store/client_creds.jceks
Passing HTTP Header Key/Value Pairs via JDBC Driver
...