1

I have a question regarding to Elasticsearch. I use Search Guard as transport layer security and when I want to read data from elasticsearch I have to give username and password. Just like this:

import org.apache.spark.{SparkConf, SparkContext}

import org.elasticsearch.spark._

object ReadDataFromES {
def main(args: Array[String]) {
  val conf = new SparkConf()
  .setAppName("SampleESApp")
  .set("es.index.auto.create", "true")
  .set("es.nodes", "localhost:9200")
  .set("es.net.http.auth.user", "elastic_user")
  .set("es.net.http.auth.pass", "elastic_password")
  val sc = new SparkContext(conf)

  print("Reading data \n\n\n")
  val RDD = sc.esRDD("bank/account")
  println(RDD.first())
  println("\n\n")
  /*
  print("Writing data \n\n\n")
  RDD.saveToEs("bank/spark")
  */
}
}

But the problem is that I don't want to have password (value of es.net.http.auth.pass parameter) as plain text in my code. Does anyone know a way to hash this password?

Mrgr8m4
  • 477
  • 3
  • 9
  • 29

2 Answers2

0

There is a common pattern for splitting authentication information from code base. You need to store such information somewhere else which is not controled or is ignored by the source version control system. And you implement the way how to access them in code.

For example, you can store your username and password for elasticsearch in a json file, which is ignored by git or other VCS you use. Then in your code just read the json file, parse username and password and give them to the connection configuration. So the username and password remain only local. If you need to run the code in another place you just need to create a json file with appropirate username and password there.

GoFindTruth
  • 210
  • 2
  • 6
  • 12
-1

You can store the password as encrypted text, and then decrypt it when you need to use it. For instance, see How to encrypt and decrypt String with my passphrase in Java (Pc not mobile platform)?

Or, see this answer val encryptedPassword = BCrypt.hashpw(password.trim(),BCrypt.gensalt())

https://stackoverflow.com/questions/43189900/hash-salt-and-save-password-slick

BCrypt is available (for instance) from Spring

http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/crypto/bcrypt/BCrypt.html

Community
  • 1
  • 1
radumanolescu
  • 4,059
  • 2
  • 31
  • 44