Encrypt PDI passwords

PDI has a basic obfuscation method for making it difficult for casual people to lift passwords for DB connections. I have customers that maintain different versions of a “shared.xml” file that maintain different physical connections to databases (think development, QA/testing, and production).

In order to generate the different shared.xml, a user has to usually (per Matt Casters comment below there is a utility that allows user to do this outside of Spoon) open up PDI, created the connections, save them, and then sometimes copy and paste the sections needed to create their “dev” version of shared.xml or their “production” version of shared.xml. Many times this just to generate the password, as they can hand edit the other pieces (hostname, schema, etc).

I just committed a quick little PDI transformation that gives you the PDI encrypted form of a password.

201001291332

Happy Password Encrypting!

5 thoughts on “Encrypt PDI passwords

  1. Nicholas Goodman Post author

    Matt – can you tell that I’ve never used it? 🙂

    This customer did want to do several passwords; that can also be done in a bash script or the like as well.

    Consider it an example KTR for password obfuscation and another example of how to call Java objects from inside Kettle since that seems to be a recent theme!

    Happy Friday!

    Reply
  2. Rodrigo Haces

    Cool, with your example and Matt’s answer at pentaho forum -> http://forums.pentaho.org/showthread.php?t=59651 <- I just managed to get the MD5 sum from a list of files:

    var md5_hash = ”;
    file = new Packages.java.io.File(filename.getString());
    fileInputStream = new Packages.java.io.FileInputStream(file);
    var content = Packages.org.pentaho.di.core.Const.createByteArray(file.length());
    fileInputStream.read(content, 0, file.length());
    fileInputStream.close();
    md5_hash = Packages.org.apache.commons.codec.digest.DigestUtils.md5Hex(content);

    Thanks!!

    Reply
  3. Rodrigo Haces

    Via Daniel Einspanjer.. “Kettle has actually had functions in the Calculator step that do file hashes for a while…”.

    Please look at the forum above for an example ktr

    Reply

Leave a Reply to Jeff Huth Cancel reply

Your email address will not be published. Required fields are marked *