mirror of
				https://github.com/open-metadata/OpenMetadata.git
				synced 2025-10-22 14:24:35 +00:00 
			
		
		
		
	
		
			
	
	
		
			66 lines
		
	
	
		
			1.9 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
		
		
			
		
	
	
			66 lines
		
	
	
		
			1.9 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
|   | --- | ||
|  | title: Enable password masking | ||
|  | slug: /deployment/security/enable-password-masking | ||
|  | --- | ||
|  | 
 | ||
|  | # Enable password masking
 | ||
|  | 
 | ||
|  | The **1.0.0** version of OpenMetadata now includes a new feature that allows users to activate password masking.  | ||
|  | This feature was added in response to feedback from our community of users who expressed concerns about the security of | ||
|  | their passwords when using our application. | ||
|  | 
 | ||
|  | With the password masking feature enabled, all API calls made by your application will replace the password fields with  | ||
|  | asterisks (*) before sending the request. This will prevent the password from being sent in plain text. Even though  | ||
|  | passwords are replaced by asterisks, it will not affect when editing a connection, saving will update the passwords only  | ||
|  | if they are changed. | ||
|  | 
 | ||
|  | {% image | ||
|  | caption="Editing a service connection with masked password." | ||
|  | src="/images/v1.0.0/deployment/mask-password/edit-connection.png" | ||
|  | alt="mask-password" /%} | ||
|  | 
 | ||
|  | However, note that the `ingestion-bot` user will still send the password in plain text as it needs to access the API  | ||
|  | without any obstructions. This is because the `ingestion-bot` user requires full access to the API, and any masking  | ||
|  | would hinder its ability to perform its tasks. | ||
|  | 
 | ||
|  | {% note %} | ||
|  | 
 | ||
|  | In future releases, the password masking feature will be activated by default. | ||
|  | 
 | ||
|  | The feature will be automatically enabled to provide an added layer of security for all API calls made. | ||
|  | 
 | ||
|  | {% /note %} | ||
|  | 
 | ||
|  | ## How to enable the feature
 | ||
|  | 
 | ||
|  | To activate the password masking feature in your application, follow the steps below: | ||
|  | 
 | ||
|  | ### Docker
 | ||
|  | 
 | ||
|  | Add the following environment variable to the list: | ||
|  | 
 | ||
|  | ```yaml | ||
|  | # openmetadata.prod.env
 | ||
|  | MASK_PASSWORDS_API=true | ||
|  | ``` | ||
|  | 
 | ||
|  | ### Bare Metal
 | ||
|  | 
 | ||
|  | Edit the `openmetadata.yaml` file as it is shown below: | ||
|  | 
 | ||
|  | ```yaml | ||
|  | security: | ||
|  |   maskPasswordsAPI: true | ||
|  | ``` | ||
|  | 
 | ||
|  | ### Kubernetes
 | ||
|  | 
 | ||
|  | Update your helm `maskPasswordsApi` value: | ||
|  | 
 | ||
|  | ```yaml | ||
|  | # openmetadata.prod.values.yml
 | ||
|  | global: | ||
|  | ... | ||
|  |   maskPasswordsApi: true | ||
|  | ... | ||
|  | ``` |