Where (and how) does Dremio store database credentials?

Hi everyone!
We have some concerns about Dremio’s security. In this specific case, how and where it stores credentials.

My questions are:

  • How and where does Dremio store database credentials (SQL and NoSQL) that we set up on it;
  • How and where does Dremio store user credentials (login and password)

I’m not sure about your specific case, but Dremio stores metadata, jobs, etc. in an embedded RocksDB.

@Paulo_Vasconcellos, As @dacopan said, we store it in RocksDB. The user passwords are of course hashed and cannot be accessed by anyone. The database credentials are stored inside RocksDB and are used by Dremio to authenticate to the data sources. We recommend storing RocksDB on an encrypted file system or disk, and ensuring that only trusted users can access the coordinator’s file system.

Hi @balaji.ramaswamy

What do you mean by “The user passwords are of course hashed and cannot be accessed by anyone.”? Are the credentials inaccessible to everyone, including system admins?

I would want to have users’ credentials and data store configs persistent on a host machine volume (I’m running the Dremio docker image). Where is Dremio’s database located in the system path?
Even better, it would be cool if users were stored in a database defined when spinning the docker image.

What is your take on this?

@jaysnm

RocksDB is not as transparent as, say, an Oracle database where you can query DBA_USERS to find the list of users and encrypted passwords.

We are soon adding dictionary tables like an RDBMS that you can query and get all the information.

Thanks
Bali

Thanks folks.

A volume mount pointing to /opt/dremio/data makes my data persistent. The RocksDB and other custom conf data are in there!
A note to anyone who might land here: the volume must be owned by dremio:dremio, UID 999 and GID 999.
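
Added example, not part of the thread or of Dremio's own tooling: a check for the host directory mounted at /opt/dremio/data, reflecting the advice above that only trusted users should reach the coordinator's file system and that the volume is owned by UID 999 and GID 999. It assumes a Linux host with GNU find; the function name `audit_dremio_data` and the sample host path in the usage comment are illustrative.

```shell
#!/bin/sh
# Added example: audit the host directory that backs /opt/dremio/data.
# Assumes GNU find (Linux). Names here are illustrative, not Dremio's.

# audit_dremio_data DIR [UID] [GID]
# Prints "owner:group mode path" for every path under DIR that is not owned
# by UID:GID, or that grants any permission bit to group or others.
# Returns 0 when nothing is reported, 1 on findings, 2 when DIR is missing.
audit_dremio_data() {
    dir=$1
    want_uid=${2:-999}   # dremio UID, as reported in the thread
    want_gid=${3:-999}   # dremio GID, as reported in the thread

    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }

    # Symlinks always show mode 0777 on Linux, so their mode is ignored;
    # their ownership is still checked.
    findings=$(find "$dir" \
        \( ! -uid "$want_uid" -o ! -gid "$want_gid" \
           -o \( ! -type l -perm /077 \) \) \
        -printf '%U:%G %m %p\n')

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage (host path is a constructed sample):
#   audit_dremio_data /srv/dremio-data && echo "ownership and modes OK"
```

A clean result only covers file-level access; encrypting the disk or file system under the directory, as recommended earlier in the thread, is a separate control.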

Thanks Bali. This helps.

Does RocksDB also store S3 info, IAM Role, Access Key, Secret, etc., or only DB (SQL/NoSQL) info?

Thanks

@RXThomas, yes, it also stores information used to configure the source connectors (S3, HDFS, Azure storage, etc.).

@balaji.ramaswamy has this table been made available in Dremio? If yes, can you let me know the details, please?

@priyanka Which table are you referring to?

balaji.ramaswamy wrote: “dictionary tables like a RDBMS”

I meant the tables like “DBA_USERS” in RDBMS - it would be mighty useful to have something like this in Dremio as we continue to add more data.

Hi @priyanka

That is very useful feedback. We are coming up with the concept of system tables soon, and it is a pretty exciting story. Stay tuned.

Thanks
Bali

Balaji - is the new feature available? Getting the data source credentials/details? Is that queryable?

@raghuj Data source credentials are stored inside the RocksDB and are not queryable.