mirror of
https://github.com/open-metadata/OpenMetadata.git
synced 2025-07-09 18:21:23 +00:00

* Rename docs and clean SSO * Add connector partials * Add connector partials * Rename path
67 lines
1.9 KiB
Markdown
67 lines
1.9 KiB
Markdown
---
|
|
title: Enable password masking
|
|
slug: /deployment/security/enable-password-masking
|
|
---
|
|
|
|
# Enable password masking
|
|
|
|
The **1.0.0** version of OpenMetadata now includes a new feature that allows users to activate password masking.
|
|
This feature was added in response to feedback from our community of users who expressed concerns about the security of
|
|
their passwords when using our application.
|
|
|
|
With the password masking feature enabled, all API calls made by your application will replace the password fields with
|
|
asterisks (*) before sending the request. This will prevent the password from being sent in plain text. Even though
|
|
passwords are replaced by asterisks, it will not affect when editing a connection, saving will update the passwords only
|
|
if they are changed.
|
|
|
|
{% image
|
|
caption="Editing a service connection with masked password."
|
|
src="/images/v1.1.0/deployment/mask-password/edit-connection.png"
|
|
alt="mask-password" /%}
|
|
|
|
However, note that the `ingestion-bot` user will still send the password in plain text as it needs to access the API
|
|
without any obstructions. This is because the `ingestion-bot` user requires full access to the API, and any masking
|
|
would hinder its ability to perform its tasks.
|
|
|
|
{% note %}
|
|
|
|
In future releases, the password masking feature will be activated by default.
|
|
|
|
The feature will be automatically enabled to provide an added layer of security for all API calls made.
|
|
|
|
{% /note %}
|
|
|
|
## How to enable the feature
|
|
|
|
To activate the password masking feature in your application, follow the steps below:
|
|
|
|
### Docker
|
|
|
|
Add the following environment variable to the list:
|
|
|
|
```yaml
|
|
# openmetadata.prod.env
|
|
MASK_PASSWORDS_API=true
|
|
```
|
|
|
|
### Bare Metal
|
|
|
|
Edit the `openmetadata.yaml` file as it is shown below:
|
|
|
|
```yaml
|
|
security:
|
|
maskPasswordsAPI: true
|
|
```
|
|
|
|
### Kubernetes
|
|
|
|
Update your helm `maskPasswordsApi` value:
|
|
|
|
```yaml
|
|
# openmetadata.prod.values.yml
|
|
openmetadata:
|
|
config:
|
|
...
|
|
maskPasswordsApi: true
|
|
...
|
|
``` |