Hi Zeppelin Devs

I am desperately looking for an option not to store the data source passwords in my spark/livy notebooks, but I didn't find it.

But I found https://issues.apache.org/jira/browse/ZEPPELIN-1070 where others are also waiting for this feature.

Unfortunately credentials in Spark/Livy Notebooks can be required on any arbitrary position in the notebook, unless we hard-code something like specific datasources which should then be used.

My suggestion: add something like form variables to be replaced with the stored credentials.

I implemented this feature with the following syntax:

$[user.<credentialkey>] will be replaced with the username of the credential with the key <credentialkey>

$[user.<credentialkey>] will be replaced with the password of the credential with the key <credentialkey>

To not accidentially expose the password from the credential I would scan the return messages and replace all occurrences of the password. This hack is not aiming to be a security feature (assuming that the person running the notebook knows his password anyway), but helpful to not expose the password due to REPL-Response.

You can find my implementation here:


Let me know what you think, if this could be a way to go I would start a pull request.


Reply via email to