Password Encryption in Azkaban Configuration Files

Passwords in azkaban.local.properties and azkaban-users.xml can an should be protected. The azkaban.local.properties setting 'azkaban.passwordEncryption' determines the encryption method Azkaban  will use to decrypt during startup.

There are 3 available types of encryption that can be set in 'azkaban.passwordEncryption':

Using Windows DPAPI Encryption

If you have a Windows based Azkaban Web server using DPAPI properties file password encryption then you will need to first encrypt your passwords with DPAPI using the Windows User that the Web Server Service runs under. See this section for creating the encrypted DPAPI base64 strings with PowerShell, or use the Encryption Utility to perform the same function.

Using WALLET Encryption

When using WALLET, in azkaban.local.properties you need to set the value of azkaban.walletCmd to the system command that retrieves the password from the wallet or password manager. For example, if you are using the Linux password manager 'pass' from https://www.passwordstore.org/ the value for azkaban.walletCmd would be set to 'pass $AZKABAN_WALLET_STRING'

In WALLET the passwords in the azkaban.local.properties and azkaban-users.xml file are just plain text strings that represent a credential name stored in the password manager. At run time Azkaban executes the azkaban.walletCmd to retrieve the actual password for the given property.

For more information on Wallet configuration using a standard Linux password manager, visit  https://www.passwordstore.org/

Setting up Azkaban Users

For details on how to set up additional users refer to the Setting Up Users section.

Adjusting Properties

The main properties file azkaban.local.properties for Azkaban Servers is located in the root folder of the Web or Executor Server installation directory. Most changes to the settings in this file will not take effect until the Azkaban Web or Executor Server is restarted.

Work Directory

Bin Directory