How can i prevent usage of hardcoded text password when connect to Vertica to connect dynamically?

NikitasMsensis

In a private network i connect using cyberark to a remote host where Vertica database also lies. I use several bash scripts saved in a remote host's directory to feed Vertica with data from various sources. The problem is that each of my bash scripts contains the Vertica password hardcoded, so when there will be a need to change the password, i will have to change it manually to each of these scripts. Is there any secure way to make my system more dynamic so that i don't have to change the password by hand. Someone proposed me something like ssh keys? Is this a valid solution? How can i use them?

mosheg

SSH keys are helpful for secure login to servers but they don’t solve the problem of managing passwords for Vertica.
Here’s how you can securely and dynamically manage Vertica credentials:
1. Your bash script can query CyberArk via API or CLI to retrieve the password dynamically.
If the password changes in CyberArk, your scripts don’t need to change.
Ask your CyberArk admin if CCP or CLI tools are set up.
2. Instead of keeping the dbadmin password in all files - keep it in one place protected.
Please consider the following example:

export VSQL_HOST=YourHostNameOrIP
export VSQL_DATABASE=YourDbName
export VSQL_PORT=5433
export VSQL_USER=dbadmin
echo 'dbadminpassword' | base64 > /home/dbadmin/.vrtpass
chmod 600 /home/dbadmin/.vrtpass
export VSQL_PASSWORD=`cat /home/dbadmin/.vrtpass | base64 -d`
export VSQL_EDITOR=vim