222a8f8984
* Rename docs and clean SSO * Add connector partials * Add connector partials * Rename path
1.9 KiB
| title | slug |
|---|---|
| Enable password masking | /deployment/security/enable-password-masking |
Enable password masking
The 1.0.0 version of OpenMetadata now includes a new feature that allows users to activate password masking. This feature was added in response to feedback from our community of users who expressed concerns about the security of their passwords when using our application.
With the password masking feature enabled, all API calls made by your application will replace the password fields with asterisks (*) before sending the request. This will prevent the password from being sent in plain text. Even though passwords are replaced by asterisks, it will not affect when editing a connection, saving will update the passwords only if they are changed.
{% image caption="Editing a service connection with masked password." src="/images/v1.1.0/deployment/mask-password/edit-connection.png" alt="mask-password" /%}
However, note that the ingestion-bot user will still send the password in plain text as it needs to access the API
without any obstructions. This is because the ingestion-bot user requires full access to the API, and any masking
would hinder its ability to perform its tasks.
{% note %}
In future releases, the password masking feature will be activated by default.
The feature will be automatically enabled to provide an added layer of security for all API calls made.
{% /note %}
How to enable the feature
To activate the password masking feature in your application, follow the steps below:
Docker
Add the following environment variable to the list:
# openmetadata.prod.env
MASK_PASSWORDS_API=true
Bare Metal
Edit the openmetadata.yaml file as it is shown below:
security:
maskPasswordsAPI: true
Kubernetes
Update your helm maskPasswordsApi value:
# openmetadata.prod.values.yml
openmetadata:
config:
...
maskPasswordsApi: true
...