Providing credentials with DSE tools

Through authentication, the database establishes the identity of the person or system that is attempting an operation. Authentication works with any combination of DSE authentication, LDAP pass-through authentication, and Kerberos authentication.

Authentication is supported for use with dse commands, dse client-tool, and the dsetool utility.

Providing credentials

You can provide authentication credentials in several ways:

Command line

Provide login credentials on the command line:

dse [<connection_options>] <subcommand>
dse client-tool [<connection_options>] <subcommand>
dsetool [<connection_options>] <subcommand>

where the connection_options include:

  • -f <config_file> - the path to a configuration file that stores credentials. If not specified, ~/.dserc is used if it exists.

    The configuration file can contain DataStax Enterprise and JMX login credentials. For example:

    username=<username>
    password=<password>
    jmx_username=<jmx_username>
    jmx_password=<jmx_password>

    The credentials in the configuration file are stored in clear text. DataStax recommends restricting access to this file to only the specific user.

  • dse -u <username> is the user name to authenticate for database access.

  • dsetool -l <username> is the user name to authenticate for database access.

  • -p <password> is the password to authenticate for database access. If you do not provide a password on the command line, you are prompted to enter one.

  • -a <jmx_username> is the user name for authenticating when local JMX authentication is enabled.

  • -b <jmx_password> is the password for authenticating when local JMX authentication is enabled. If you do not provide a password on the command line, you are prompted to enter one.

  • <subcommand> is any dse, dse client-tool, or dsetool subcommand.

DataStax-provided utilities typically have the following command line options for credentials:

dse -u <user_name> [-p <password>] <command>

Where the command line options for each supported tool are:

  • dse advrep

    dse -u <user_name> [-p <password>] advrep <command> <subcommand>
  • dse fs

    dse -u <username> [-p <password>] fs
  • dse spark

    dse -u <username> [-p <password>] spark [<options>]
  • dse spark-class

    dse -u <username> [-p <password>] spark-class <options>
  • dse spark-submit

    dse -u <username> [-p <password>] spark-submit <options>
  • dse spark-jobserver

    dse -u <username> [-p <password>] spark-jobserver <options>
  • dse spark-history-server

    dse -u <username> [-p <password>] spark-history-server <options>
  • dse spark-sql-thriftserver

    dse -u <username> [-p <password>] spark-sql-thriftserver <options>
  • dse pyspark

    dse -u <username> [-p <password>] pyspark <options>
  • dse spark-sql

    dse -u <username> [-p <password>] spark-sql <options>
  • dse sparkR

    dse -u <username> [-p <password>] sparkR <options>
  • dse client-tool connection options

    dse -u <username> [-p <password>] client-tool <subcommand> <options>
  • dse gremlin-console

    dse -u <username> [-p <password>] gremlin-console

~/.dserc file

Create a file named .dserc in your home directory. The ~/.dserc file contains the cassandra user name and password:

username=<username>
password=<password>

When you launch a password-protected tool and authentication is not provided on the command line, the credentials in the ~/.dserc file are used. The ~/.dserc file is ignored when a configuration file is specified with -f.
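
Because both the -f configuration file and ~/.dserc hold the password in clear text, the following added example (not DataStax code) shows one way to create such a file with owner-only permissions from the start and to audit an existing one. The function names check_cred_file and write_cred_file are hypothetical, and the demo path and credentials are constructed.

```sh
# Added example, not DataStax code. Function names are hypothetical.

# check_cred_file FILE: succeed only if FILE is a regular file (not a symlink),
# owned by the current user, with no group or other permission bits set.
check_cred_file() {
  f=$1
  if [ -L "$f" ] || [ ! -f "$f" ]; then
    echo "FAIL: $f is missing, a symlink, or not a regular file"; return 1
  fi
  # ls -ldn prints e.g. "-rw------- 1 1000 1000 ..."; keep the six
  # group/other permission characters and the numeric owner id.
  info=$(ls -ldn -- "$f" | awk '{print substr($1, 5, 6), $3}')
  if [ "${info#* }" != "$(id -u)" ]; then
    echo "FAIL: $f is owned by uid ${info#* }, not by the current user"; return 1
  fi
  if [ "${info% *}" != "------" ]; then
    echo "FAIL: $f grants group/other access (${info% *}); fix with: chmod 600 $f"; return 1
  fi
  echo "OK: $f is accessible by its owner only"
}

# write_cred_file FILE USER: read the password from stdin (so it never appears
# in the process argument list) and write FILE in the username=/password= format.
write_cred_file() {
  f=$1; user=$2
  IFS= read -r pass || [ -n "$pass" ] || return 1
  (
    umask 077        # created as 0600; never briefly world-readable
    rm -f -- "$f"    # drop any older copy that may have looser permissions
    set -C           # noclobber: fail rather than write into a file that reappears
    printf 'username=%s\npassword=%s\n' "$user" "$pass" > "$f"
  )
  rc=$?; unset pass; return "$rc"
}

# Demo on a constructed file in a temporary directory (constructed credentials).
demo_dir=$(mktemp -d)
printf '%s\n' 'constructed-password' | write_cred_file "$demo_dir/dserc" demo_user
check_cred_file "$demo_dir/dserc"            # passes: owner-only
chmod 644 "$demo_dir/dserc"
check_cred_file "$demo_dir/dserc" || true    # fails: group/other can read
rm -rf "$demo_dir"
```

A file that passes the check can then be supplied to the tools with -f <config_file>, or placed at ~/.dserc.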

Environment variables for dse client-tool, dse gremlin-console, and Spark commands

To increase security and prevent authentication credentials from appearing in log files, DataStax recommends using environment variables instead of passing credentials on the command line or in the .dserc file. Add the environment variables to your Bash .profile or .bash_profile files.

Use environment variables DSE_USERNAME and DSE_PASSWORD to specify a user name and password:

export DSE_USERNAME=<username>
export DSE_PASSWORD=<password>

Use environment variable DSE_TOKEN to specify a delegation token when Kerberos is used:

export DSE_TOKEN=<delegation_token>

© 2025 DataStax