Encrypt Credentials
To enable enhanced security for sensitive information, the dremio-admin encrypt CLI command lets you encrypt the values of certrain passwords or secrets in Dremio configuration files.
Dremio supports encrypted values for the following properties and applicable configuration files:
| Configuration File | Configuration Property |
|---|---|
| ad.json | bindPassword |
| azuread.json | clientSecret |
| dremio.conf | keyStorePassword |
| keyPassword | |
| trustStorePassword | |
| core-site.xml | fs.s3a.secret.key |
| dfs.adls.oauth2.credential | |
| dremio.azure.key | |
| dremio.azure.clientSecret | |
| oauth.json | clientSecret |
Syntax
Syntax for encrypt command./dremio-admin encrypt <string_to_encrypt>
Example
The following example encrypts the supplied string and returns the encrypted value:
Encrypt \"thisIsSecret\./dremio-admin encrypt thisIsSecret
secret:1.90WZLVORD26pwyAg8qKtQqw9Te8Xom5mdkSMmR_U4knjHvoWHM9urj
Steps to Encrypt a String
On the master node, run the
dremio-admin encryptCLI command using the supplied string.Copy the entire output starting from
secret:, and use this encrypted string for the value of the password or secret in the configuration file.Restart the master node.
Core-site.xml files are not owned by Dremio, so you must add a dremio+ prefix to the secret before it is used in the core-site.xml file. For example, you would use dremio+secret:1.90WZLVORD26pwyAg8qKtQqw9Te8Xom5mdkSMmR_U4knjHvoWHM9urj as the encrypted string.