By default the passwords for Ambari's database and for access to the LDAP server are stored in a plain text configuration file. To have those passwords encrypted, you need to run a special setup command.
![[Important]](../common/images/admon/important.png) | Important |
|---|---|
Ambari Server should not be running when you do this: either make the edits before you start Ambari Server the first time or bring the server down to make the edits. |
Run the special setup command:
ambari-server encrypt-passwords
Provide a master key for encrypting the passwords. You are prompted to enter the key twice for accuracy.
Important If your passwords are encrypted, you need access to the master key to start Ambari Server.
You have three options for maintaining the master key:
At the Persist prompt, select
y. This stores the key in a file on the server.Create an environment variable AMBARI_SECURITY_MASTER_KEY and set it to the key.
Provide the key manually at the prompt on server startup.
