6. Optional: Encrypt Database and LDAP Passwords

By default the passwords for Ambari's database and for access to the LDAP server are stored in a plain text configuration file. To have those passwords encrypted, you need to run a special setup command.

[Important] Important

Ambari Server should not be running when you do this: either make the edits before you start Ambari Server the first time or bring the server down to make the edits.

  1. Run the special setup command:

    ambari-server encrypt-passwords
  2. Provide a master key for encrypting the passwords. You are prompted to enter the key twice for accuracy.

    [Important] Important

    If your passwords are encrypted, you need access to the master key to start Ambari Server.

  3. You have three options for maintaining the master key:

    • At the Persist prompt, select y. This stores the key in a file on the server.

    • Create an environment variable AMBARI_SECURITY_MASTER_KEY and set it to the key.

    • Provide the key manually at the prompt on server startup.

loading table of contents...