cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Databricks cluster Encryption keystore_password

Go to solution
kjoth
Contributor II

โ€Ž11-25-2021 02:55 AM

How to set up this value? Is this any value we can provide or the default value we have to p

#!/bin/bash
 
keystore_file="/dbfs/<keystore_directory>/jetty_ssl_driver_keystore.jks"
keystore_password="gb1gQqZ9ZIHS"
sasl_secret=$(sha256sum $keystore_file | cut -d' ' -f1)

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Prabakar
Databricks Employee
Databricks Employee

โ€Ž11-25-2021 04:02 AM

Hi @karthick Jโ€‹ do not change the password from the script. You need to just modify the <keystore_directory> and create the init script.

In the first step of the notebook, you will copy the Keystore file to a directory in DBFS.

As it is Databricks keystore file you cant change the password.

View solution in original post

7 REPLIES 7

Go to solution
-werners-
Esteemed Contributor III

โ€Ž11-25-2021 03:47 AM

I do not exactly understand the question.

Do you want to store secrets like this?

https://docs.databricks.com/security/secrets/index.html

Go to solution
Prabakar
Databricks Employee
Databricks Employee
In response to -werners-

โ€Ž11-25-2021 04:11 AM

This is not for secrets but for Encrypting Traffic Between Worker Nodes. ๐Ÿ˜‰

Go to solution
Prabakar
Databricks Employee
Databricks Employee

โ€Ž11-25-2021 04:02 AM

Hi @karthick Jโ€‹ do not change the password from the script. You need to just modify the <keystore_directory> and create the init script.

In the first step of the notebook, you will copy the Keystore file to a directory in DBFS.

As it is Databricks keystore file you cant change the password.

Go to solution
Hubert-Dudek
Esteemed Contributor III

โ€Ž11-25-2021 04:05 AM

I think as @Werner Stinckensโ€‹ said you need to provide more details what exactly you want to accomplish and where this script is put.

For all secrets the best way is to use databricks secret or Azure Key Valut (or AWS KMS) so you don't store your passwords in code. If you want to encrypt dbfs is better to make own mount and use ready Azure/S3 encryption options using own keys there.

Go to solution
kjoth
Contributor II
In response to Hubert-Dudek

โ€Ž11-25-2021 05:23 AM

Yes, I should have provided more detail, as the question is not clear. I will make sure to ask with clear details forward. Like @Prabakar Ammeappinโ€‹  said, the query was on databricks cluster encrypting Traffic bewteen workers nodes.

Go to solution
Prabakar
Databricks Employee
Databricks Employee

โ€Ž11-25-2021 04:07 AM

Hi @karthick Jโ€‹ please refer to this notebook.

https://docs.microsoft.com/en-us/azure/databricks/_static/notebooks/cluster-encryption-init-script.h...

Further, if you will be using %pip magic command the below post will be helpful.

https://community.databricks.com/s/question/0D53f00001VjwmcCAB/pipconda-doesnt-work-with-encrypted-c...

Go to solution
kjoth
Contributor II
In response to Prabakar

โ€Ž11-25-2021 05:24 AM

Thanks @Prabakar Ammeappinโ€‹ 

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements