Secure Graph Parameters

Secure parameters enable you to store sensitive information (e.g. database password) in an encrypted form.

Regular graph parameters are persisted either in *.grf files (internal parameters) or in *.prm files (external parameters). This means that values of your graph parameters are stored in plain xml files. This behavior is absolutely correct for most usage of graph parameters. But sometimes a graph parameter can represent sensitive information, which should not be saved in a plain text file on your file system - e.g. password to database. For this purpose, CloverETL Designer and CloverETL Server provide the secure parameters feature.

Graph parameters editor with secure attribute

Figure 37.27. Graph parameters editor with secure attribute


Only String and Multiline string types are supported for parameters that are set as secure. If other type is set, it is ignored and the default String type is used. This also applies for component binding.

Using Secure Graph Parameters

To use secure parameters you have to have Master password. To set up the Master password on CloverETL Designer, see Master Password. To set up the Master password on CloverETL Server, see CloverETL Server documentation.

Use the text as a value of the parameter.

Mark the parameter as secure in parameter properties.

The sensitive information in secure parameters is persisted in encrypted form on file system. Decryption of a secure parameter is automatically performed in graph runtime.


Default installation of CloverETL Server does not support secure parameters. If you want to use this feature, please set a master password in the server web interface (Configuration/Secure parameters). The master password is necessary for correct encryption of your sensitive data.

[Note]Compatibility Notice

You can use Secure parameters on both: CloverETL Designer and CloverETL Server since version 4.0. Until CloverETL Designer 4.0 has been released, secure parameters were available in CloverETL Server projects only.