Encrypting passwords in the configuration file of the Data Streamer

To enhance security, you can encrypt passwords that are stored in Kafka configuration files instead of using plain text passwords.

About this task

This task describes how to encrypt the keystore, truststore, and key passwords that are used for TLS connections with the Apache Kafka server. The encrypted passwords are used in the gatherer.consumer.properties file.

Tip: Check the started task JCL of the Data Streamer in SYS1.PROCLIB for the IBM z/OS UNIX System Services directories of CDP_HOME.

Procedure

  1. Set the required environment variables.

    Run the following commands:

    • export JAVA_HOME=java_installation_directory
    • export CDP_HOME=ds_working_directory
    • export CDP_DATASTREAMER=dataStreamer_jar_file_directory
    JAVA_HOME
        The Java™ installation directory on the Data Streamer system.
    CDP_HOME
        The Data Streamer working directory.
    CDP_DATASTREAMER
        The directory that contains the DataStreamer.jar file.
  2. Navigate to the CDP_DATASTREAMER directory and run the encryption script to encrypt the keystore password.

    Run the following commands:

    • cd $CDP_DATASTREAMER
    • ./encryptKafkaPassword.sh ssl_keystore_password

    The script displays output similar to the following example:

    Encrypting password using kafka_passStore...
    Password encrypted successfully!
    Use this format in your gatherer.consumer.properties file:
    ssl.keystore.password=ENC(...)
    ssl.truststore.password=ENC(...)
    ssl.key.password=ENC(...)
  3. Repeat Step 2 to also encrypt the truststore password and key password.
    Run the encryption script separately for each password and note the encrypted output that is wrapped in ENC(...).
  4. Open the gatherer.consumer.properties file and update the password fields with the encrypted password strings.

    Replace the plain text passwords with their corresponding encrypted strings, including the ENC(...) wrapper. For example:

    • ssl.keystore.password=ENC(encrypted_keystore_password)
    • ssl.truststore.password=ENC(encrypted_truststore_password)
    • ssl.key.password=ENC(encrypted_key_password)
  5. Save the gatherer.consumer.properties file.
  6. Restart the Data Streamer to apply the changes.
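
A check that can be run between steps 5 and 6, as an added example that is not part of the product or its documentation: it confirms that all three password properties in gatherer.consumer.properties carry a non-empty ENC(...) value and reports any that are missing or not wrapped, without printing the values. The function name check_enc_passwords is hypothetical, and the path to the properties file is passed in by the caller.

```shell
#!/bin/sh
# Added example: verify that the TLS password properties from step 4 are
# ENC(...)-wrapped before the Data Streamer is restarted.
# check_enc_passwords is a hypothetical helper, not an IBM-supplied script.
# Usage: check_enc_passwords /path/to/gatherer.consumer.properties

check_enc_passwords() {
    file=$1
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    rc=0
    for key in ssl.keystore.password ssl.truststore.password ssl.key.password; do
        # Escape the dots so the key is matched literally, not as a regex.
        pat=$(printf '%s' "$key" | sed 's/\./\\./g')
        # Commented-out lines do not match; the last assignment is the one used.
        line=$(grep -E "^[[:space:]]*${pat}[[:space:]]*=" "$file" | tail -n 1)
        if [ -z "$line" ]; then
            echo "MISSING $key"
            rc=1
            continue
        fi
        # Keep everything after the first '=' and trim blanks and a trailing CR.
        value=$(printf '%s' "${line#*=}" |
                sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $value in
            'ENC('?*')') echo "OK $key" ;;
            # Report only the property name so a plain text password
            # never reaches the terminal or a log.
            *) echo "NOT_ENC $key"; rc=1 ;;
        esac
    done
    return $rc
}
```

The function returns 0 only when every property is wrapped, so it can gate the restart in step 6.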