Secure Hue Passwords with Scripts

Hue lets you secure passwords in one consolidated script, or multiple individual scripts. Hue runs each password script at startup and extracts passwords from stdout.

Store scripts in a directory that only Hue can read, write, and execute. You can choose password script names but you cannot change hue.ini property names to which you assign those scripts.

  1. At the command line, create one or more password scripts. For example, create a consolidated script named my_passwords_script.sh:
    #!/bin/bash
    
    SERVICE=$1
    
    if [[ ${SERVICE} == "ldap_password" ]]
    then
     echo "your_ldap_password"
    fi
    
    if [[ ${SERVICE} == "ssl_password" ]]
    then
     echo "your_ssl_password"
    fi
    
    if [[ ${SERVICE} == "bind_password" ]]
    then
     echo "your_bind_password"
    fi
    
    if [[ ${SERVICE} == "db_password" ]]
    then
     echo "your_database_password"
    fi
  2. Log on to Cloudera Manager and go to Hue > Configuration.
  3. Search on ​Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini:
  4. Add script properties, for example:
    [desktop]
    ldap_username=hueservice
    ldap_password_script="/var/lib/hue/password_script.sh ldap_password"
    ssl_password_script="/var/lib/hue/password_script.sh ssl_password"
    
    [[ldap]]
    bind_password_script="/var/lib/hue/password_script.sh bind_password"
    
    [[database]]
    db_password_script="/var/lib/hue/password_script.sh db_password"
  5. Click Save Changes and Restart Hue.