How to set up encryption of the passwords in Talend Studio

Overview

Whether from a company or from an individual, passwords are always critical assets that should not be shared. You may ask for a way to hide the passwords in Talend Studio so that the passwords are not exposed to others. This article shows how to setup encryption of the passwords with ROT13 algorithm.


Environment

This procedure was written with:

  • Talend Open Studio for Data Integration 5.2.0 r92826.
  • JDK version: Sun JDK build 1.6.0_26-b03
  • Operating system: Windows XP SP3
  • Mysql 5.0.67-community-nt

Talend verified this procedure to be compatible with all versions of Talend Studio.


Procedure

Encrypt the password with ROT13 algorithm

This example uses the ROT13 algorithm to encrypt the password. For more information on how to transform your real password to an encryption string, refer to the ROT13 Wikipedia article. For example, the password for a MySQL connection could be "talend", which can be transformed to "gnyraq" with the ROT13 algorithm.


Create a custom routine

  1. In Talend Studio, open the Repository view.

  2. Expand the Code node.

  3. Right-click Routines to create a new routine named "MyRoutine" (for example).

  4. Add a new function named "decrypt" that will use the decryption mechanism of the ROT13 algorithm to decrypt the encryption string of the password. The code of the function is below:

    public class MyRoutine {
        public static String decrypt(String encryptedPassword) {
            StringBuffer output = new StringBuffer();
            // Can be any complex algorithm (SHA, DES etc)
            // Here we chose a very simple decryption mechanism, ROT13
            for (int i = 0; i < encryptedPassword.length(); i++) {
                char c = encryptedPassword.charAt(i);
                if (c >= 'a' && c <= 'm')
                    c += 13;
                else if (c >= 'A' && c <= 'M')
                    c += 13;
                else if (c >= 'n' && c <= 'z')
                    c -= 13;
                else if (c >= 'N' && c <= 'Z')
                    c -= 13;
                output.append(c);
            }
            return output.toString();
        }
    }

 

Create a demo Job

  1. Create a new Job and name it EncryptPasswordWithR0T13Demo. This Job uses a tMysqlInput to read data from a table called person from the database (it can be configured to read data from any a table) and print the result on the console with a tLogRow component. The Job design is as follows:

    job_design.png


  2. Open the Contexts view, create a String type variable, and name it password.

    context_view.png


  3. Click the Values as table tab, and set the password variable's default value to be the encryption string that you got when you transformed the real password with the ROT13 algorithm, in this case, it is "gnyraq".

    context_values.png


  4. In the Basic settings panel of tMysqlInput_1, configure the Password parameter by calling the custom routine function MyRoutine.decrypt(context.password).

    tmysqlInput_1.png


    The demo Job and custom routine are also available in the EncryptPasswordWithROT13Demo.zip file attached to this article.

 

Execute the Job to check the DB connection

Execute the Job to check whether it is able to connect to the database and read data from it. If the Job runs fine and has result printed on the console, that means the DB parameters are configured well in tMysqlInput_1, otherwise the Job will die and throw the exception below:

Exception in component tMysqlInput_1
java.sql.SQLException: Access denied for user 'root'@'localhost' (using password: YES)
	at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1075)

This error indicates that the authentication is not right for the DB connection. To resolve it, you need to check the following items:

  1. Make sure you have the right username/password for the DB connection before you encrypt the password with ROT13 algorithm.
  2. Check you have transformed the right encryption string from your real password.
  3. Make sure you have defined the default value of the context variable with the encryption string.
Version history
Revision #:
6 of 6
Last update:
‎06-16-2017 07:30 PM
Updated by:
 
Labels (1)