Secure Graph Parameters

Secure parameters enable to store sensitive information (like a database password) in an encrypted form.

Regular graph parameters are persisted either in *.grf files (internal parameters) or in *.prm files (external parameters). That means values of your graph parameters are stored in plain xml files. This behaviour is absolutely correct for most usage of graph parameters. But from time to time a graph parameter can represent sensitive information, which should not be saved in plain text file on your file system - for example password to database. For this purpose CloverETL Designer and CloverETL Server provide secure parameters feature.

Graph parameters editor with secure attribute

Figure 37.27. Graph parameters editor with secure attribute


Only String and Multiline string types are supported for parameters that are set as secure. If other type is set, it is ignored and default String type is used. This also applies for component binding.

Using Secure Graph Parameters

To use secure parameters you have to have Master password. To set up the Master password on CloverETL Designer see Master Password. To set up the Master password on CloverETL Server see CloverETL Server documentation.

Use the text as a value of the parameter.

Mark the parameter as secure in parameter properties.

The sensitive information in secure parameters is persisted in encrypted form on file system. Decryption of secure parameter is automatically performed in graph runtime.


Default installation of CloverETL Server does not support secure parameters. If you want to use this feature, please set master password in server web interface (Configuration/Secure parameters). This master password is necessary for correct encryption of your sensitive data.

[Note]Compatibility Notice

You can use Secure parameters on both: CloverETL Designer and CloverETL Server since version 4.0. Until CloverETL Designer 4.0 has been released, the secure parameters were available in CloverETL Server projects only.