Provide credentials on the command line

Hyper-Converged Database (HCD) tools interact directly with the database or use the Java Management Extension MBeans to get metrics and perform operations. Use the command line switch that is relative to the type of operation performed by the command.

Each of the tools listed support prompting for the password when none is provided. Using the option to enter the password on the command line prompt is a security risk because the password appears in plain text in the terminal history.

Credentials for database interactions

When HCD Unified Authentication is enabled, you must provide a username and password to run commands that interact with the database.

HCD utilities

HCD utilities typically have the following command line options for credentials:

hcd -u <user_name> [ -p <password>] <command>

Where the command line options for each supported tool are:

  • hcd cassandra - Start HCD server

    hcd -u <username> [-p <password>] cassandra

  • hcd cqlsh - Run CQL shell

    hcd -u <username> [-p <password>] cqlsh

  • hcd nodetool - Run nodetool commands

    hcd -u <username> [-p <password>] nodetool <subcommand>

Native utilities

The native database utilities typically have the following command line options for credentials:

command -u <username> [-pw <password>] <subcommand>

Where the command line options for each supported tool are:

  • nodetool

    nodetool -u <username> [-pw <password>] <subcommand>

  • SSTable tools

    sstable_command -u <username> [-pw <password>] [<options>]

Credentials for Java Management Extensions (JMX) interactions

When JMX authentication is also enabled, commands that use JMX MBeans to verify status or execute commands require additional credentials. Use the -a <username> and -b <password> before the command.

hcd -a <jmx_username> [ -b <jmx_password>] <command>

When authentication is enabled, set up permission to access MBeans see Controlling access to JMX MBeans.

  • hcd nodetool

  • nodetool (when run directly)

The JMX authentication switch for HCD commands uses:

hcd -a <jmx_username> [ -b <jmx_password>] nodetool <command>

Entering the password in plain text from the command line is not secure; the password may be stored in the terminal history. DataStax recommends entering the password at the prompt instead of using the password option from the CLI.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2025 DataStax | Privacy policy | Terms of use | Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com