You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Support reading password from password file

  • Sqoop should support reading passwords from password file specified by the user. When running jobs, this file should be copied over to HDFS using owner readonly permission.
  • Even better would be supporting copying a password protected keystore (maybe via distributed cache mechanism) that contains the key (since it is often managed by the DBAs). Then the job would pass the decryption password under some owner r/o permission as you describe.
  • For my use case, passwords need to be retrieved dynamically from a separate system. So at run time I would need to generate a file with the passwords in it, or create a keystore (from Java). Ideally I'd make an HTTPS request to the server that knows about the passwords. Which means needing to be able to specify a "password provider" class as a Sqoop parameter, along with an optional parameter to pass in to the constructor so it knows which password I need (depending on the database I'm accessing).
  • We'd like to keep our database passwords as secure as possible, but currently in Sqoop1, the password is plainly visible from the jobtracker xml.
  • No labels