yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-07-09 18:21:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenMetadata/openmetadata-docs/content/v1.1.0/deployment/security/enable-password-masking.md
Pere Miquel Brull 222a8f8984
[Docs] - SSO updates & Connectors workflow config (#12241) 
* Rename docs and clean SSO

* Add connector partials

* Add connector partials

* Rename path
2023-06-30 12:25:11 +02:00

67 lines
1.9 KiB
Markdown
Raw Blame History

---
title: Enable password masking
slug: /deployment/security/enable-password-masking
---
# Enable password masking
The **1.0.0** version of OpenMetadata now includes a new feature that allows users to activate password masking.
This feature was added in response to feedback from our community of users who expressed concerns about the security of
their passwords when using our application.
With the password masking feature enabled, all API calls made by your application will replace the password fields with
asterisks (*) before sending the request. This will prevent the password from being sent in plain text. Even though
passwords are replaced by asterisks, it will not affect when editing a connection, saving will update the passwords only
if they are changed.
{% image
caption="Editing a service connection with masked password."
src="/images/v1.1.0/deployment/mask-password/edit-connection.png"
alt="mask-password" /%}
However, note that the `ingestion-bot` user will still send the password in plain text as it needs to access the API
without any obstructions. This is because the `ingestion-bot` user requires full access to the API, and any masking
would hinder its ability to perform its tasks.
{% note %}
In future releases, the password masking feature will be activated by default.
The feature will be automatically enabled to provide an added layer of security for all API calls made.
{% /note %}
## How to enable the feature
To activate the password masking feature in your application, follow the steps below:
### Docker
Add the following environment variable to the list:
```yaml
# openmetadata.prod.env
MASK_PASSWORDS_API=true
```
### Bare Metal
Edit the `openmetadata.yaml` file as it is shown below:
```yaml
security:
maskPasswordsAPI: true
```
### Kubernetes
Update your helm `maskPasswordsApi` value:
```yaml
# openmetadata.prod.values.yml
openmetadata:
config:
...
maskPasswordsApi: true
...
```
Reference in New Issue View Git Blame Copy Permalink