sqoop and password encryption using password-file option
I'm using sqoop-1.4.3-cdh4.6.0.jar and i'm wondering if the --password-file option is avialable in that version. If yes, can someone give me an example of how the encryption process would be invoked? provide a command example , i can see that the patch has been introduced with cdh4.6.0 but not sure if sqoop 1.4.3 can use it.
Answer
Chances are it's not in CDH 4.6.0 given https://issues.apache.org/jira/browse/SQOOP-1223. I'd upgrade to Sqoop 1.4.5 to get this functionality.
Here's a quick Sqoop command example:
sqoop import \
-Dorg.apache.sqoop.credentials.loader.class=org.apache.sqoop.util.password.CryptoFileLoader \
-Dorg.apache.sqoop.credentials.loader.crypto.passphrase=sqoop2 \
--connect jdbc:mysql://example.com/sqoop \
--username sqoop \
--password-file file:///tmp/pass.enc \
--table tbl
The important parameters to note are:
- org.apache.sqoop.credentials.loader.class - Credentials loader
- org.apache.sqoop.credentials.loader.crypto.alg – The Algorithm used to decrypt the file (default is AES/ECB/PKCS5Padding).
- org.apache.sqoop.credentials.loader.crypto.salt – The salt used to derive a key with the passphrase (default is SALT).
- org.apache.sqoop.credentials.loader.crypto.iterations – Number of PBKDF2 iterations (default is 10000).
- org.apache.sqoop.credentials.loader.crypto.salt.key.len – Derived key length (default is 128).
- org.apache.sqoop.credentials.loader.crypto.passphrase Passphrase used to derive key.
There are several other options available to you as well more.