Question:
How to secure sensitive information like passwords used in Data Collector configuration files or in Cloudera Manager?
Answer:
You can protect sensitive data used in configuration files or in Cloudera Manager by storing the data in an external location and then using the file or exec function to retrieve the data.
Some configuration file properties, such as the https.keystore.password property, require the user to enter a password. Instead of entering the password in clear text in the configuration file, you can store the password outside of the configuration file and then use the file or exec function to retrieve the sensitive data.
Please find more information in our documentation here.
However, the password file cannot contain any white or control character. The best way how to create a file with the password is to run:echo -n "<password>" > password_file.txt.
Cloudera Manager
This works also for SDC installations with Cloudera Manager. It is possible to store the password file in any location and then include the absolute path to the file when calling the password, for example:
lineage.publisher.navigator.config.password=${file("/opt/sdc/navigator_password.txt")}
