We're Moving!

The Vertica Forum is moving to a new OpenText Analytics Database (Vertica) Community.

Join us there to post discussion topics, learn about

product releases, share tips, access the blog, and much more.

Create My New Community Account Now


How can i prevent usage of hardcoded text password when connect to Vertica to connect dynamically? — Vertica Forum

How can i prevent usage of hardcoded text password when connect to Vertica to connect dynamically?

In a private network i connect using cyberark to a remote host where Vertica database also lies. I use several bash scripts saved in a remote host's directory to feed Vertica with data from various sources. The problem is that each of my bash scripts contains the Vertica password hardcoded, so when there will be a need to change the password, i will have to change it manually to each of these scripts. Is there any secure way to make my system more dynamic so that i don't have to change the password by hand. Someone proposed me something like ssh keys? Is this a valid solution? How can i use them?

Answers

  • moshegmosheg Vertica Employee Administrator

    SSH keys are helpful for secure login to servers but they don’t solve the problem of managing passwords for Vertica.
    Here’s how you can securely and dynamically manage Vertica credentials:
    1. Your bash script can query CyberArk via API or CLI to retrieve the password dynamically.
    If the password changes in CyberArk, your scripts don’t need to change.
    Ask your CyberArk admin if CCP or CLI tools are set up.
    2. Instead of keeping the dbadmin password in all files - keep it in one place protected.
    Please consider the following example:

    export VSQL_HOST=YourHostNameOrIP
    export VSQL_DATABASE=YourDbName
    export VSQL_PORT=5433
    export VSQL_USER=dbadmin
    echo 'dbadminpassword' | base64 > /home/dbadmin/.vrtpass
    chmod 600 /home/dbadmin/.vrtpass
    export VSQL_PASSWORD=`cat /home/dbadmin/.vrtpass | base64 -d`
    export VSQL_EDITOR=vim
    
This discussion has been closed.