How to encrypt passwords in Talend Studio

author
Shicong Hong
EnrichVersion
6.4
6.3
6.2
6.1
EnrichProdName
Talend Open Studio for ESB
Talend Data Fabric
Talend ESB
Talend Big Data Platform
Talend Open Studio for MDM
Talend Big Data
Talend Open Studio for Data Quality
Talend Open Studio for Data Integration
Talend Real-Time Big Data Platform
Talend Data Integration
Talend MDM Platform
Talend Open Studio for Big Data
Talend Data Services Platform
Talend Data Management Platform
task
Design and Development
EnrichPlatform
Talend Studio

How to set password encryption in Talend Studio

Whether from a company or from an individual, passwords are always critical assets that should not be shared. You may ask for a way to hide your passwords in Talend Studio so that the passwords are not exposed to others. This article shows how encrypt passwords with ROT13.

In this example, we will use ROT13 to encrypt the password for a MySQL database connection, so that the password "talend" is transformed to "gnyraq" in the Studio. For more information on the ROT13 algorithm, see https://en.wikipedia.org/wiki/ROT13.

This article applies to all versions of Talend Studio.

Creating a custom routine

In this procedure we will create a custom routine to execute the algorithm for password encryption.

  1. In the Repository tree view of your Talend Studio, expand the Code node, right-click Routines and select Create routine from the contextual menu to create a new routine named MyRoutine.
  2. In the new routine that opened in the routine editor, add a function named decrypt and define the specify mechanism to decrypt the encryption string of the password.

    While it's possible to use any algorithm (SHA, DES, etc.), a very simple decryption mechanism, ROT13, is specified in this example. The code of the function reads as follows:

    public class MyRoutine {
        public static String decrypt(String encryptedPassword) {
            StringBuffer output = new StringBuffer();
            for (int i = 0; i < encryptedPassword.length(); i++) {
                char c = encryptedPassword.charAt(i);
                if (c >= 'a' && c <= 'm')
                    c += 13;
                else if (c >= 'A' && c <= 'M')
                    c += 13;
                else if (c >= 'n' && c <= 'z')
                    c -= 13;
                else if (c >= 'N' && c <= 'Z')
                    c -= 13;
                output.append(c);
            }
            return output.toString();
        }
    }

Validating password transformation using a demo Job

In this procedure we will create a demo Job to validate the password encryption. In this Job, we use a tMysqlInput to read data from a table called person from the database (it can be configured to read data from any a table in your case) and print the result on the console with tLogRow component.

This example assumes that you have a MySQL database, with the following information:

  • host name: localhost
  • port: 3306
  • database name: test
  • user name: root
  • password: talend
  • table name: person
  • table columns:
    • id: type Inter (INT), 2 characters long
    • name: type String (VARCHAR), 20 characters long
    • sex: type String (VARCHAR), 1 character long
  1. Create a new Job and name it EncryptPasswordWithR0T13Demo.
  2. Add a tMysqlInput component and a tLogRow component to your Job.
  3. Open the Contexts view, click the [+] button to create a variable named password, of type String.
  4. Click the Value field and type in the encryption string, gnyraq in our example, which is the string transformed from the real password "talend" using ROT13.
  5. In the Basic settings view of tMysqlInput, click the [...] button next to the Password field, and enter the expression that calls the custom routine function MyRoutine.decrypt(context.password) in the Enter a new password dialog box.
  6. Configure the schema and the other parameters required to ready data from your database. For more information, see tMysqlInput.
  7. Execute the Job to check whether you are able to connect to the database and read data from it.

The Run console displays the data retrieved from the specified database table.

Troubleshooting password encryption

If the Job fails, you may see the following error information on the Run console:

Exception in component tMysqlInput_1
java.sql.SQLException: Access denied for user 'root'@'localhost' (using password: YES)
	at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1075)

This error indicates that you have failed the authentication when trying to connect to the database. Check that:

  • You have the right user name/password for the database connection before encrypting the password using ROT13.
  • You have transformed the right encryption string from your real password using a custom routine.
  • You have provided the encryption string as the default value of context variable.
  • You have correctly configured the database component to call the custom routine function.