Connecting SSTableloader to a Secured Cluster

The sstableloader tool is also called bulk loader. If you run sstableloader from a DataStax Enterprise (DSE) node that is configured for Kerberos or client-to-node/node-to-node encryption using SSL, no additional configuration is required for securing sstableloader operations. sstableloader automatically detects the configuration. On a development machine without SSL, configure Kerberos or SSL as follows:

To use SSL to connect to an unsecured DSE node from a development system, use the sstableloader script to load SSTables into a cluster with client-to-node/node-to-node SSL encryption enabled. Use the following basic options:

resources/cassandra/bin/sstableloader -d 192.168.56.102 /var/lib/cassandra/data/Keyspace1/Standard1 \
  -tf org.apache.cassandra.thrift.SSLTransportFactory \
  -ts <path_to_node_truststore.jks> \
  -tspw <truststore-password>

If you want to configure require_client_auth=true on the target, then add the path to the keystore and keystore password as shown in the following example:

resources/cassandra/bin/sstableloader -d 192.168.56.102 /var/lib/cassandra/data/Keyspace1/Standard1 \
  -tf org.apache.cassandra.thrift.SSLTransportFactory \
  -ts <path_to_node_truststore.jks> \
  -tspw <truststore-password> \
  -ks <path_to_node_keystore.jks> \
  -kspw <keystore-password>

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2025 DataStax | Privacy policy | Terms of use | Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com