Sqoop Password Encryption ➽➽➽➣
Sqoop ==> A tool designed to easily IMPORT data from DBMS(Relational database management system) into Hadoop cluster and EXPORT data from hadoop cluster to RDBMS.
Sqoop has gained a lot of popularity amongst Hadoop ecosystem which made it one of the
darling tools in the Bigdata industry.
Firstly, when we import or
export data from database through Sqoop then it is mandatory to provide password either through command line interface or through a file placed on a secured server location.
Let's Discuss in detail the various options available for managing passwords in Sqoop.
The First :--PASSWORD
Let's Discuss in detail the various options available for managing passwords in Sqoop.
The First :--PASSWORD
This is a very rudimentary acceptable way of passing a database password to Sqoop if security is not a major concern.
sqoop import --connect jdbc:mysql://localhost:3306/sqoop \
sqoop import --connect jdbc:mysql://localhost:3306/sqoop \
--username root \
--password root \
--table student
Second: -P
One of the problems
with the first option --password is that it logs the
password in shell history.
Luckily, Sqoop supports reading passwords via input stream (STDIN) with echo turned off which in turn prompt users to input the password via. command line interface.
Luckily, Sqoop supports reading passwords via input stream (STDIN) with echo turned off which in turn prompt users to input the password via. command line interface.
sqoop import --connect jdbc:mysql://localhost:3306/sqoop \
--username root \
-P \
--table student
The -P option will tell Sqoop to prompt for a password. This will allow you to pass your password through the standard input stream as below snippet.
The -P option will tell Sqoop to prompt for a password. This will allow you to pass your password through the standard input stream as below snippet.
Third: Passing password through a password file :
The Password file is stored in HDFS(Hadoop Distributed File System) not in local system.
This password file should have 400 (read+write -Only for owner) permission so that it is not exposed to other users.
This password file should have 400 (read+write -Only for owner) permission so that it is not exposed to other users.
Let's follow few steps to create a password file:
- vi sqoop.pwd — Enter the password and save it.
- Transfer the sqoop.pwd file to HDFS by the command below:
hadoop fs –put sqoop.pwd /sqoop.pwd
- Change the ownership and permission of sqoop.pwd file for more security.
- Remove the sqoop.pwd in current directory(non-hdfs)
Post which execute the below command:
sqoop import --connect jdbc:mysql://localhost:3306/sqoop
\
--username root \
--password-file /sqoop.pwd \
--table student \
--target-dir '/sqoop_output/student_test'
Fourth: HADOOP CREDENTIAL PROVIDER
API
In Hadoop 2.6, a fundamental feature
was introduced – the Credential API.
The CredentialProvider API in Hadoop provides a layer of abstraction between application and password the way they are stored
Sqoop 1.4.5 and later versions support the credential API keystore.
Now let's follow below steps to generate an encrypted credential keystore.
The CredentialProvider API in Hadoop provides a layer of abstraction between application and password the way they are stored
Sqoop 1.4.5 and later versions support the credential API keystore.
Now let's follow below steps to generate an encrypted credential keystore.
Note: On prompt, enter the password
that will be used to access the database.
usre@nn1:- $ hadoop credential create
mydb.password.alias -provider jceks://hdfs/user/root/mysql.password.jceks
Enter password:
Enter password again:
After successful generation of keystore below message will be printed.
After successful generation of keystore below message will be printed.
mydb.password.alias has been
successfully created.
org.apache.hadoop.security.alias.JavaKeyStoreProvider
has been updated.
Now you can make use of mydb.password.alias
file in your sqoop command
Add Below Property in sqoop command and change the password.
Add Below Property in sqoop command and change the password.
-Dhadoop.security.credential.provider.path
= jceks://hdfs/user/root/mysql.password.jceks
Then follow the below command:
Then follow the below command:
sqoop import -Dhadoop.security.credential.provider.path=jceks://hdfs/user/root/mysql.password.jceks
--connect jdbc:mysql://localhost:3306/sqoop \
--username sqoop \
--password-alias mydb.password.alias \
--table stdent \
--username sqoop \
--password-alias mydb.password.alias \
--table stdent \
--target-dir '/sqoop_output/student_test'
This way password is hidden inside
jceks://hdfs/user/root/mysql.password.jceks
Note: Alias “mydb.password.alias” is used to provide the password to the sqoop command to connect to the source database.
Very helpful.Thanks for sharing
ReplyDeleteThank you for your valuable comment.
DeleteNicely Explained.
ReplyDeleteThank you for your valuable comment.
DeleteThanks for Explaining. It's very helpful.
ReplyDeleteThank you for your valuable comment.
DeleteGood One Manoj..Keep it up
ReplyDeleteThank you Sir
DeleteNice explanation
ReplyDeleteThank you
DeleteGood Manoj. I liked the way you presented
ReplyDeleteThank you Sir
DeleteThis comment has been removed by the author.
ReplyDeleteCongratulations Manoj!
ReplyDeleteMaking India proud by sharing technology blogs to the World.
Happy Republic day and keep it up!
Thank you Sir
DeleteGood Manoj. I liked the way you presented
ReplyDeletetht was gr8
ReplyDeleteThank you Vivek
DeleteNicely explained Manoj..!
ReplyDeleteKeep writing such helpful articles.
Thank you suyog
DeleteNice explanation Manoj. It's really helpful.
ReplyDeleteThank you Bhaiya
DeleteGood Article Manoj, Keep it coming!
ReplyDeleteCan you put a demo or video demonstrating the same.
ReplyDeleteHi There,
DeleteA detail video related to Sqoop and password Encryption is on its way. Stay tuned.
Great job!!! Keep it up...
ReplyDeleteHi Manoj,
ReplyDeleteNicely explained! Looking forward more such articles on Sqoop.
Also very much keen to see the demo of the same.
Thank you Umesh
DeleteExcellent this is the time if you take more initiative's like these kind of things, your profile will be more elevated and people like us can learn more things
ReplyDeleteThank you Sasanka
DeleteVery well written. Keep on posting 😊
ReplyDeletevery informative. Thanks
ReplyDeleteReally Good blog post.provided a helpful information.I hope that you will post more updates like this Big Data Hadoop Online Training Bangalore
ReplyDeleteInstand Password hack with live screen.Get any password.Click here
ReplyDeleteVery useful..worked in first attempt.
ReplyDeleteSimply excellent
ReplyDelete