Passwords in azkaban.local.properties and azkaban-users.xm
l can an should be protected. The azkaban.local.properties setting 'azkaban.passwordEncryption' determines the encryption method Azkaban will use to decrypt during startup.
There are 3 available types of encryption that can be set in 'azkaban.passwordEncryption':
If you have a Windows based Azkaban Web server using DPAPI properties file password encryption then you will need to first encrypt your passwords with DPAPI using the Windows User that the Web Server Service runs under. See this section for creating the encrypted DPAPI base64 strings with PowerShell, or use the Encryption Utility to perform the same function.
When using WALLET, in azkaban.local.properties you need to set the value of azkaban.walletCmd
to the system command that retrieves the password from the wallet or password manager. For example, if you are using the Linux password manager 'pass' from https://www.passwordstore.org/ the value for azkaban.walletCmd
would be set to 'pass $AZKABAN_WALLET_STRING'
In WALLET the passwords in the azkaban.local.properties and azkaban-users.xm
l file are just plain text strings that represent a credential name stored in the password manager. At run time Azkaban executes the azkaban.walletCmd
to retrieve the actual password for the given property.
For more information on Wallet configuration using a standard Linux password manager, visit https://www.passwordstore.org/
For details on how to set up additional users refer to the Setting Up Users section.
The main properties file azkaban.local.properties
for Azkaban Servers is located in the root folder of the Web or Executor Server installation directory. Most changes to the settings in this file will not take effect until the Azkaban Web or Executor Server is restarted.
wherescape.job.workdir
Linux defaults to /tmp
Windows defaults to the defined temp directory of the user (for the system user this will be C:\Windows\Temp
)
wherescape.red.bindir
- this setting allows you to set the path that will be returned by the WSL_BINDIR environment variable in scripts.