Github user Leemoonsoo commented on the issue:
https://github.com/apache/zeppelin/pull/2599
Thanks @herval for the contribution!!
I tried this branch and have few feedbacks.
#### Document
I could able to create encrypt key with following command.
```
openssl enc -aes-128-cbc -k secret -P -md sha1
```
I'm not sure it's preferred way or there's any better way to create key.
Anyway, It'll be easier to use if we can document this new environment
variable with how to generate key in `/docs/setup/operation/configuration.md`.
#### Protect AES key
In my understanding, if any user can get both AES key (in
`conf/zeppelin-env.sh`) and `conf/credentials.json`, user can decrypt the file.
What do you think? will there be a way to prevent user get both key and
encrypted file?
---
