hide passwords sensitive data trino config files

[manjot-aptus]

I am trying to hide the credentials of Catalog files. But not able to do it. If possible help in this matter.

[ebyhr]

Did you try environment variables https://trino.io/docs/current/security/secrets.html?

[manjot-aptus]

I am using Ubuntu. If I am trying to install trino rpm I am getting an issue. I am using alien package to convert rpm to deb or I tried to install it directly using alien but failed in both cases.

[hashhar]

You can use the tarball directly. No need for the RPM.

Extract the tarball and follow steps at https://trino.io/docs/current/installation/deployment.html

[manjot-aptus]

But for environment variables, we need to use the trino file where we will define to preserver environment variables. I am doing it the first time so don't know the directory structure that I need to follow. If you have any document help me please,

[hashhar]

The place where environment variables are defined depends on how you start Trino. e.g. If you the launcher as described in https://trino.io/docs/current/installation/deployment.html then you can do like

MY_SECRET_ENV_VAR=my-secret-value bin/launcher start

which will make the MY_SECRET_ENV_VAR available only to the Trino process. You can also set the variables in something like /etc/profile but that means that the environment variable will be available to all processes running on system.
The way env var is set depends on how you deploy so it varies from system to system (e.g. systemd makes it easier, docker and k8s have their own mechanisms etc.)

[manjot-aptus]

Thanks, I will try this solution

[jerryleooo]

For JDBC connectors, they support extra credentials in which you can pass the username/password at the runtime instead of writing it in config files, I am working on a document about it: #11791