Create Credentials

Copy-paste examples of how to create credentials with SQL

Several authentication schemes across multiple providers are supported. For a detailed overview of all of the provider-specific options, see the SQL documentation.

Amazon S3

S3 Access Key
1
2
3
4
CREATE CREDENTIAL s3_cred
TYPE = 'aws_access_key',
IDENTITY = 'AKIAIOSFODNN7EXAMPLE',
SECRET = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
IAM Role
1
2
3
4
5
6
7
8
CREATE CREDENTIAL s3_cred
TYPE = 'aws_iam_role',
IDENTITY = 'AKIAIOSFODNN7EXAMPLE',
SECRET = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
WITH OPTIONS
(
    's3_aws_role_arn' = 'arn:aws:iam::123456789012:user/JohnDoe'
)

Azure

Password
1
2
3
4
CREATE CREDENTIAL azure_cred
TYPE = 'azure_storage_key',
IDENTITY = 'sampleacc',
SECRET = 'foobaz123'
SAS Token
1
2
3
4
5
6
7
8
CREATE CREDENTIAL azure_cred
TYPE = 'azure_sas',
IDENTITY = 'sampleacc',
SECRET = ''
WITH OPTIONS
(
    'azure_sas_token' = 'sv=2015-07-08&sr=b&sig=39Up0JzHkxhUlhFEjEH9673DJxe7w6clRCg0V6lCgSo%3D&se=2016-10-18T21%A51%A337Z&sp=rcw'
)
OAuth Token
1
2
3
4
5
6
7
CREATE CREDENTIAL azure_cred
TYPE = 'azure_oauth',
IDENTITY = 'sampleacc',
SECRET = ''
WITH OPTIONS
(
    'azure_oauth_token' = 'AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...'
Active Directory
1
2
3
4
5
6
7
8
CREATE CREDENTIAL azure_cred
TYPE = 'azure_ad',
IDENTITY = 'jdoe',
SECRET = 'foobaz123'
WITH OPTIONS
(
    'azure_storage_account_name' = 'sampleacc',
    'azure_tenant_id' = 'x0xxx10-00x0-0x01-0xxx-x0x0x01xx100'

HDFS

Password
1
2
3
4
CREATE CREDENTIAL hdfs_cred
TYPE = 'hdfs',
IDENTITY = 'jdoe',
SECRET = 'foobaz123'
Kerberos Token
1
2
3
4
5
6
7
8
CREATE CREDENTIAL hdfs_cred
TYPE = 'hdfs',
IDENTITY = 'jdoe',
SECRET = ''
WITH OPTIONS
(
    'hdfs_use_kerberos' = 'true'
)
Kerberos Keytab
1
2
3
4
5
6
7
8
CREATE CREDENTIAL hdfs_cred
TYPE = 'hdfs',
IDENTITY = 'jdoe',
SECRET = ''
WITH OPTIONS
(
    'hdfs_kerberos_keytab' = '/path/to/jdoe.keytab'
)

Apache Kafka

Password
1
2
3
4
CREATE CREDENTIAL kafka_cred
TYPE = 'kafka',
IDENTITY = 'jdoe',
SECRET = 'foobaz123'
SSL
1
2
3
4
5
6
7
8
9
CREATE CREDENTIAL kafka_cred
TYPE = 'kafka',
IDENTITY = '',
SECRET = ''
WITH OPTIONS
(
    'security.protocol' = 'SSL',
    'ssl.ca.location' = '/var/private/ssl/kafka.server.truststore.jks'
)
SSL with Keystore
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
CREATE CREDENTIAL kafka_cred
TYPE = 'kafka',
IDENTITY = '',
SECRET = ''
WITH OPTIONS
(
    'security.protocol' = 'SSL',
    'ssl.ca.location' = '/var/private/ssl/kafka.server.truststore.jks',
    'ssl.key.password' = 'foobaz123'
)
SSL with Encryption
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
CREATE CREDENTIAL kafka_cred
TYPE = 'kafka',
IDENTITY = '',
SECRET = ''
WITH OPTIONS
(
    'security.protocol' = 'SSL',
    'ssl.ca.location' = '/var/private/ssl/kafka.server.truststore.jks',
    'ssl.certificate.location' = '/path/to/server.crt',
    'ssl.key.location' = '/var/private/ssl/kafka.client.keystore.jks'
)
SSL with Keystore and Encryption
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
CREATE CREDENTIAL kafka_cred
TYPE = 'kafka',
IDENTITY = '',
SECRET = ''
WITH OPTIONS
(
    'security.protocol' = 'SSL',
    'ssl.ca.location' = '/var/private/ssl/kafka.server.truststore.jks',
    'ssl.certificate.location' = '/path/to/server.crt',
    'ssl.key.location' = '/var/private/ssl/kafka.client.keystore.jks',
    'ssl.key.password' = 'foobaz123'
)
SASL
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
CREATE CREDENTIAL kafka_cred
TYPE = 'kafka',
IDENTITY = '',
SECRET = ''
WITH OPTIONS
(
    'security.protocol' = 'SASL_SSL',
    'sasl.mechanism' = 'PLAIN',
    'sasl.username' = 'jdoe',
    'sasl.password' = 'foobaz123'
)
Kerberos
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
CREATE CREDENTIAL kafka_cred
TYPE = 'kafka',
IDENTITY = '',
SECRET = ''
WITH OPTIONS
(
    'security.protocol' = 'SASL_PLAINTEXT',
    'sasl.mechanism' = 'GSSAPI',
    'sasl.kerberos.service.name' = 'kafka',
    'sasl.kerberos.keytab' = '/etc/security/keytabs/jdoe.keytab',
    'sasl.kerberos.principal' = 'jdoe@example.com'
)
Kerberos SSL
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
CREATE CREDENTIAL kafka_cred
TYPE = 'kafka',
IDENTITY = '',
SECRET = ''
WITH OPTIONS
(
    'security.protocol' = 'SASL_SSL',
    'sasl.mechanism' = 'GSSAPI',
    'sasl.kerberos.service.name' = 'kafka',
    'sasl.kerberos.keytab' = '/etc/security/keytabs/jdoe.keytab',
    'sasl.kerberos.principal' = 'jdoe@example.com',
    'ssl.ca.location' = '/var/private/ssl/kafka.server.truststore.jks',
    'ssl.certificate.location' = '/path/to/cert.ca',
    'ssl.key.location' = '/var/private/ssl/kafka.client.keystore.jks',
    'ssl.key.password' = 'foobaz123'
)