Securing Credentials
Also available as:
PDF

Encrypt Database and LDAP Passwords in Ambari

By default the passwords to access the Ambari database and the LDAP server are stored as plain text. To have those passwords encrypted, you need to run a special setup command.

Ambari Server will not let you persist the KDC Admin password until you encrypt this database. To encrypt the Ambari Server database, you must configure a security master key, using the following steps.
  1. On the Ambari Server, run the special setup command and answer the prompts: ambari-server setup-security.
  2. Select Option 2:
    Choose one of the following options:
    [1] Enable HTTPS for Ambari server.
    [2] Encrypt passwords stored in ambari.properties file.
    [3] Setup Ambari kerberos JAAS configuration.
  3. Provide a master key for encrypting the passwords. You are prompted to enter the key twice for accuracy.
    If your passwords are encrypted, you need access to the master key to start Ambari Server.
  4. You have three options for maintaining the master key:
    • Persist it to a file on the server by pressing y at the prompt.
    • Create an environment variable AMBARI_SECURITY_MASTER_KEY and set it to the key.
    • Provide the key manually at the prompt on server start up.
  5. Start or restart the Server: ambari-server restart.