Dremio Cloud
Dremio Software
 
On this page

    Encrypt Credentials

    To enable enhanced security for sensitive information, the dremio-admin encrypt CLI command lets you encrypt the values of certrain passwords or secrets in Dremio configuration files.

    Dremio supports encrypted values for the following properties and applicable configuration files:

    Configuration File Configuration Property
    ad.json bindPassword
    azuread.json clientSecret
    dremio.conf keyStorePassword
    keyPassword
    trustStorePassword
    core-site.xml fs.s3a.secret.key
    dfs.adls.oauth2.credential
    dremio.azure.key
    dremio.azure.clientSecret
    oauth.json clientSecret

    Syntax

    Syntax for encrypt command 
    ./dremio-admin encrypt <string_to_encrypt>

    Example

    The following example encrypts the supplied string and returns the encrypted value:

    Encrypt "thisIsSecret" 
    ./dremio-admin encrypt thisIsSecret
    Encrypted output 
    secret:1.90WZLVORD26pwyAg8qKtQqw9Te8Xom5mdkSMmR_U4knjHvoWHM9urj

    Steps to Encrypt a String

    1. On the master node, run the dremio-admin encrypt CLI command using the supplied string.

    2. Copy the entire output starting from secret:, and use this encrypted string for the value of the password or secret in the configuration file.

    3. Restart the master node.

    note:

    Core-site.xml files are not owned by Dremio, so you must add a dremio+ prefix to the secret before it is used in the core-site.xml file. For example, you would use dremio+secret:1.90WZLVORD26pwyAg8qKtQqw9Te8Xom5mdkSMmR_U4knjHvoWHM9urj as the encrypted string.