Skip to main content

Pentaho+ documentation has moved!

The new product documentation portal is here. Check it out now at docs.hitachivantara.com

 
Version Data Integration and Analytics
Hitachi Vantara Lumada and Pentaho Documentation

Use password encryption with Pentaho

  1. Last updated
  2. Save as PDF

Parent article

This article is for IT administrators who have permissions to modify files on the server and the permission to stop and start the server. Perform these tasks when you want to enhance your company's security by encrypting the passwords that are currently stored as plain text in configuration files, for example, if you want to meet specific server security levels for regulatory compliance.

ImportantThese tasks are only for users who have a Pentaho 9.1 installation on their machines. If you upgraded from version 9.0, you must perform the additional tasks located in Post-upgrade tasks before encrypting your passwords.

As a best practice, stop the server before modifying configuration files, then start the server when finished. After you have configured a Pentaho product to use encrypted passwords, all logins with the Pentaho product will use the encrypted passwords. Connect to any databases that were edited to ensure all changes are correct.

Encrypted passwords are supported for the following applications:

You can also use encrypted passwords with JDBC security. See Switch to JDBC security.

Parent Topic
Child Topics

Encrypting a password
Perform the following steps on the machine with the Pentaho Server to create an encrypted password.

Procedure

  1. Stop the server.

  2. At the command line, navigate to the server/pentaho-server directory.

  3. Run the encr.bat command for Windows or the encr.sh command for Linux as shown in the example below:

    encr -kettle <password>
    An encrypted password is created and displays in the console window.
    NoteYou must have a JRE or JDK installed to run this command.

  4. Restart the server and verify that the password is now using encrypted values.

Parent Topic

Using encrypted passwords with Pentaho products

How you apply an encrypted password varies per what Pentaho product is in use.

Parent Topic
Child Topics

Encrypted passwords with Pentaho Data Integration
Perform the following steps to use an encrypted password with Pentaho Data Integration (PDI).

Procedure

  1. Stop the server.

  2. Navigate to the design-tools/data-integration/simple-jndi directory.

  3. Open the jdbc.properties file with any text editor.

  4. Replace all instances of the password value with the encrypted password.

  5. Save and close the file.

  6. Restart the server and verify that all passwords are now using encrypted values.

Results

After you have configured an application to use encrypted passwords, all logins with the Pentaho application will use the encrypted passwords.

Next steps

Connect to any databases that were edited to ensure all changes are operating correctly.
Parent Topic

Encrypted passwords with the Pentaho User Console
Perform the following steps to use an encrypted password with the Pentaho User Console (PUC).

Procedure

  1. Stop the server.

  2. Navigate to the server/pentaho-server/tomcat/webapps/pentaho/META-INF directory.

  3. Open the context.xml file in any text editor.

  4. Replace the password value in every Resource element with the encrypted password.

  5. Save and close the file.

  6. Restart the server and verify that all passwords are now using encrypted values.

Results

After you have configured an application to use encrypted passwords, all logins with the Pentaho application will use the encrypted passwords.

Next steps

Connect to any databases that were edited to ensure all changes are operating correctly.
Parent Topic

Encrypted passwords with PUC email
After you have configured the Pentaho User Console (PUC) with an encrypted password, you can use that password with PUC email.

Perform the following steps to use an encrypted password with PUC’s email.

Procedure

  1. Log in to PUC as an administrator.

  2. Open the Administration Perspective and click the Mail server section.

  3. Enter your encrypted password value in the password field.

    NoteIf you use Gmail, the allow less secure apps to access your account option should be enabled.

  4. Click Test Email Configuration.

  5. Verify that an email was sent to the address you specified.

Parent Topic

Encrypted passwords with the Pentaho Aggregation Designer
To use encrypted passwords with Pentaho Aggregation Designer, you must first centralize your passwords in a jndi.properties file.

Perform the following steps to use an encrypted password with the Pentaho Aggregation Designer.

Procedure

  1. Stop the server.

  2. Create a jndi.properties file to set the default properties using the following code:

    java.naming.factory.initial=org.osjava.sj.SimpleContextFactory
org.osjava.sj.root=file://C:/Users/<username>/.pentaho/simple-jndi
org.osjava.sj.delimiter=/

  3. Save the jndi.properties file in the design-tools/aggregation-designer/lib directory and close the file.

  4. In the user’s home directory, navigate to the .pentaho/simple-jndi directory and open the default.properties file with any text editor.

    1. If you do not have a default.properties file in the <user_HOME_folder>.pentaho/simple-jndi directory, then create a simple-jndi directory in the design-tools/aggregation-designer directory and create a default.properties file in that directory.

    2. Change the following jndi.properties file in the design-tools/aggregation-designer/lib directory to indicate the new location of the default.properties file as shown in the following example:

      org.osjava.sj.root=file://<install directory>/design-tools/aggregation-designer/simple-jndi

  5. Replace the password value in every property in the default.properties file with the encrypted password.

    NoteIf you are using a remote repository, you must change localhost to the correct IP address of the remote repository.

  6. Save and close the file.

  7. Restart the server and verify that all passwords are now using encrypted values.

Results

After you have configured an application to use encrypted passwords, all logins with the Pentaho application will use the encrypted passwords.

Next steps

Connect to any databases that were edited to ensure all changes are operating correctly.
Parent Topic

Encrypted passwords with the Pentaho Metadata Editor
The Pentaho Metadata Editor (PME) stores a password in the default.properties file of the JNDI connection. For information about setting up a JNDI connection, see the article Define JNDI connections for Report Designer and Metadata Editor.

Perform the following steps to use an encrypted password with the PME:

Procedure

  1. Stop the server.

  2. In the user’s home directory, navigate to the .pentaho/simple-jndi directory.

  3. Open the default.properties file with any text editor.

    NoteIf you do not have a default.properties file in a <user_HOME_folder>.pentaho/simple-jndi directory, you must create one.

  4. Replace the password value in every property in the file with the encrypted password.

    NoteIf you are using a remote repository, you must change localhost to the correct IP address of the remote repository.

  5. Save and close the file.

  6. Restart the server and verify that all passwords are now using encrypted values.

Results

After you have configured an application to use encrypted passwords, all logins with the Pentaho application will use the encrypted passwords.

Next steps

Connect to any databases that were edited to ensure all changes are operating correctly.
Parent Topic

Encrypted passwords with the Pentaho Report Designer
The Pentaho Report Designer (PRD) stores a password in the default.properties file of the JNDI connection. For information about setting up a JNDI connection, see the article Define JNDI connections for Report Designer and Metadata Editor.

Perform the following steps to use an encrypted password with the PRD:

Procedure

  1. Stop the server.

  2. Navigate to the design-tools/report-designer/configuration-template/simple-jndi directory.

  3. Open the default.properties file with any text editor.

  4. Replace the password value in every property in the file with the encrypted password.

    NoteIf you are using a remote repository, adjust the localhost address to the correct IP. Also, make sure you use the encrypted password for all occurrences of the password.

  5. Save and close the file.

  6. Copy the default.properties file from the design-tools/report-designer/configuration-template/simple-jndi directory to the .pentaho/simple-jndi directory in the user’s home directory and replace the existing default.properties file.

    NoteIf there is no existing <user_HOME_folder>.pentaho/simple-jndi directory, create the directory and copy the default.properties file into the directory that you create.

  7. Restart the server and verify that all passwords are now using encrypted values.

Results

After you have configured an application to use encrypted passwords, all logins with the Pentaho application will use the encrypted passwords.

Next steps

Connect to any databases that were edited to ensure all changes are operating correctly.
Parent Topic