Encrypting Database and LDAP Passwords in Ambari
By default the passwords to access the Ambari database and the LDAP server are stored in a plain text configuration file. To have those passwords encrypted, you need to run a special setup command.
Ambari Server should not be running when you do this: either make the edits before you start Ambari Server the first time or bring the server down to make the edits.
- On the Ambari Server, run the special setup command and answer the prompts: - ambari-server setup-security- Select Option - 2: Choose one of the following options:- [1] Enable HTTPS for Ambari server. 
- [2] Encrypt passwords stored in ambari.properties file. 
- [3] Setup Ambari kerberos JAAS configuration. 
 
- Provide a master key for encrypting the passwords. You are prompted to enter the key twice for accuracy. - If your passwords are encrypted, you need access to the master key to start Ambari Server. 
- You have three options for maintaining the master key: - Persist it to a file on the server by pressing - yat the prompt.
- Create an environment variable AMBARI_SECURITY_MASTER_KEY and set it to the key. 
- Provide the key manually at the prompt on server start up. 
 
- Start or restart the Server - ambari-server restart
 

