
What is best practice for storing passwords in a pipeline config?


AkshayJadhav
StreamSets Employee

Question:

Is there a way (NIST compliant hashed) for storing passwords and retrieving them into parameters at pipeline load time?

 

Answer:

We don't currently support encrypting passwords stored on the file system.  You can read more about how to reference sensitive values in files here or opt to store your credentials in one of the supported credential stores.

It is a common request that we've received from several customers. There are existing JIRAs to add the ability to encrypt/decrypt values stored on the local filesystem for use within pipelines. We have intentionally not implemented JIRAs such as SDC-3310 or SDC-766 because it is inherently insecure to store the decryption key on the same system as the values being encrypted.

This is also specifically why we have integrated with 3rd party tools such as CyberArk, HashiCorp Vault and implemented our own (for development purposes only) Java Credential Store. We hope that you can take advantage of one of those options.

We have many customers using CyberArk and HashiCorp Vault for these purposes.
