Security options

Security options for the dsbulk command

Specify authorization and SSL encryption options for the dsbulk command. For additional information on SSL, see the Oracle Java Guide on SSL.

The options can be used in short form (-k keyspace_name) or long form (--schema.keyspace keyspace_name).

Authorization options

--driver.auth.provider ( None | PlainTextAuthProvider | DsePlainTextAuthProvider | DSEGSSAPIAuthProvider )
The name of the AuthProvider to use. Valid choices are:
  • None: no authentication.

  • PlainTextAuthProvider: Uses com.datastax.driver.core.PlainTextAuthProvider for authentication. Supports SASL authentication using the PLAIN mechanism (plain text authentication).

  • DsePlainTextAuthProvider: Uses com.datastax.driver.dse.auth.DsePlainTextAuthProvider for authentication. Supports SASL authentication to DSE clusters using the PLAIN mechanism (plain text authentication), and also supports optional proxy authentication; should be preferred to PlainTextAuthProvider when connecting to secured DSE clusters.

  • DseGSSAPIAuthProvider: Uses com.datastax.driver.dse.auth.DseGSSAPIAuthProvider for authentication. Supports SASL authentication to DSE clusters using the GSSAPI mechanism (Kerberos authentication), and also supports optional proxy authentication.
    Note: When using this provider you may have to set the java.security.krb5.conf system property to point to your krb5.conf file (e.g. set the DSBULK_JAVA_OPTS environment variable to -Djava.security.krb5.conf=/home/user/krb5.conf). See the Oracle Java Kerberos documentation for more details.

Default: None

-u,--driver.auth.username string
The username to use. Providers that accept this setting:
  • PlainTextAuthProvider
  • DsePlainTextAuthProvider

Default: unspecified

-p,--driver.auth.password string
The password to use. Providers that accept this setting:
  • PlainTextAuthProvider
  • DsePlainTextAuthProvider

Default: unspecified

--driver.auth.authorizationId string
An authorization ID allows the currently authenticated user to act as a different user (proxy authentication). Providers that accept this setting:
  • DsePlainTextAuthProvider
  • DseGSSAPIAuthProvider

Default: unspecified

--driver.auth.keyTab string
The path of the Kerberos keytab file to use for authentication. If left unspecified, authentication uses a ticket cache. Providers that accept this setting:
  • DseGSSAPIAuthProvider

Default: unspecified

--driver.auth.principal email
The Kerberos principal to use. For example, user@datastax.com. If left unspecified, the principal is chosen from the first key in the ticket cache or keytab. Providers that accept this setting:
  • DseGSSAPIAuthProvider

Default: unspecified

--driver.auth.saslServicestring
The SASL service name to use. This value should match the username of the Kerberos service principal used by the DSE server. This information is specified in the dse.yaml file by the service_principal option under the kerberos_options section, and may vary from one DSE installation to another – especially if you installed DSE with an automated package installer. Providers that accept this setting:
  • DseGSSAPIAuthProvider

Default: dse

SSL encryption options

--driver.ssl.cipherSuites list
The cipher suites to enable. For example:
cipherSuites = ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"]
This property is optional. If it is not present, the driver won't explicitly enable cipher suites, which according to the JDK documentation results in "a minimum quality of service".

Default: [ ] (empty list)

--driver.ssl.keystore.algorithm ( SunX509 | NewSunX509 )

The algorithm to use for the SSL keystore.

Default: SunX509

--driver.ssl.keystore.password string

The keystore password.

Default: unspecified

--driver.ssl.keystore.path string

The path of the keystore file. This setting is optional. If left unspecified, no client authentication will be used.

Default: unspecified

--driver.ssl.openssl.keyCertChain string

The path of the certificate chain file. This setting is optional. If left unspecified, no client authentication will be used.

Default: unspecified

--driver.ssl.openssl.privateKey string

The path of the private key file.

Default: unspecified

--driver.ssl.provider ( None | JDK | OpenSSL )

The SSL provider to use. JDK uses the JDK SSLContext and OpenSSL uses Netty native support for OpenSSL. Using OpenSSL provides better performance and generates less garbage. This is the recommended provider when using SSL.

Default: None

--driver.ssl.truststore.algorithm ( PKIX | SunX509 )

The algorithm to use for the SSL truststore.

Default: SunX509

--driver.ssl.truststore.password string

The truststore password.

Default: unspecified

--driver.ssl.truststore.path string

The path of the truststore file. This setting is optional. If left unspecified, server certificates will not be validated.

Default: unspecified