默认情况下,Hive连接metastore数据库的用户名和密码都是在hive-site.xml配置文件中明文设置的,存在安全隐患。生产环境中,这样做是不允许的,因此我们可以采用如下对密码进行加密处理的方式。
-
Original configuration
<property>
<name>javax.jdo.option.ConnectionPassword</name>
<value>xxxxxx</value>
<description>password to use against metastore database</description>
</property> -
Generate a JCEK file
hadoop credential create javax.jdo.option.ConnectionPassword -provider jceks://file//usr/local/clo/ven/hive/conf/hive.jceks
Enter password:
Enter password again:
javax.jdo.option.ConnectionPassword has been successfully created.
org.apache.hadoop.security.alias.JavaKeyStoreProvider has been updated. -
View the new file
-rwx------ 1 hbase hbase 522 Jan 30 04:39 hive.jceks -
Use the new file
vi hive-site.xml
<property>
&l