[
https://issues.apache.org/jira/browse/DRILL-7547?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17047133#comment-17047133
]
ASF GitHub Bot commented on DRILL-7547:
---------------------------------------
dobesv commented on pull request #2001: DRILL-7547: Support credentials store
for mongo connections
URL: https://github.com/apache/drill/pull/2001
# [DRILL-7547](https://issues.apache.org/jira/browse/DRILL-7547): Support
credentials store for mongo connections
## Description
This uses the hadoop `Configuration.getPassword` method to retrieve the
username and password for mongo connections. This allows the user to
supply credentials or credential store configuration in core-site.xml
instead of inlining the credentials in the storage plugin configuration
that is stored in ZooKeeper.
Refer to the CredentialProviderAPI document for more information about
how credential provider plugins work.
## Documentation
### Defining Credentials in the Drill core-site.xml File
To configure the mongo username and password in Drill's core-site.xml file,
navigate to the `$DRILL_HOME/conf` or `$DRILL_SITE` directory, and rename the
`core-site-example.xml` file to `core-site.xml`. Insert your mongo username and
password as shown in the following example:
<configuration>
<property>
<name>drill.exec.store.mongo.username</name>
<value>drill</value>
</property>
<property>
<name>drill.exec.store.mongo.password</name>
<value>secretpassword</value>
</property>
</configuration>
Remove any username and password from your mongo storage plugin
configuration if you do this.
Note: as with the S3 plugin you can configure an external credentials
provider. Refer to those docs for details.
## Testing
JUnit tests and manual test.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> More secure storage for mongodb credentials
> -------------------------------------------
>
> Key: DRILL-7547
> URL: https://issues.apache.org/jira/browse/DRILL-7547
> Project: Apache Drill
> Issue Type: Improvement
> Components: Storage - MongoDB
> Affects Versions: 1.17.0
> Reporter: Dobes Vandermeer
> Priority: Major
>
> Currently you can sort of "hide" S3 AWS credentials in core-site.xml, but for
> the mongodb connection the username and password are accessible from the Web
> UI, API, and ZooKeeper API because it is placed in the configuration for the
> storage plugin.
> I wonder if it would be possible to store the username and password used for
> mongodb connection in a more secure manner, maybe it could be encrypted when
> you first save it, then even if you look at the configuration for the mongodb
> storage plugin via the ZooKeeper API you cannot extract the username and
> password.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
