I have set up 3 shards including local shards on the cluster as shown below.
<log>
<secret>users</secret>
<shard>
<replica>
<host>127.0.0.1</host>
<port>9000</port>
</replica>
</shard>
<shard>
<replica>
<host>remote1</host>
<port>9000</port>
</replica>
</shard>
<shard>
<replica>
<host>remote2</host>
<port>9000</port>
</replica>
</shard>
</log>
And I created a distributed engine table including the shrding key.
When INSERT Query is executed on a distributed table, a directory of shards containing passwords is created in the 'distributed table directory' in the 'ClickHouse data directory'.
For example, if the ClickHouse data directory is
/etc/clickhouse-server/data/
and a distributed table named log_total is created in the local db.
When I execute INSERT INTO local.log_total ..... query.
In this path (/etc/clickhouse-server/data/local/log_total/)
three directories are created as shown below.
default:password@127%2E0%2E0%2E1:9000#dbname
default:password@remote1:9000#dbname
default:password@remote2:9000#dbname
I wish this directories didn't contain passwords.
I thought using the secret tag would solve it, but it wasn't.
Is there any good way?
Please share your experience.
thank you.
There is a setting for this
--use_compact_format_in_distributed_parts_names arg
Changes format of directories names for distributed table insert parts.
and it's enabled by default
SELECT
name,
value
FROM system.settings
WHERE name = 'use_compact_format_in_distributed_parts_names'
┌─name──────────────────────────────────────────┬─value─┐
│ use_compact_format_in_distributed_parts_names │ 1 │
└───────────────────────────────────────────────┴───────┘
If use_compact_format_in_distributed_parts_names=1 then folder name became shard_1_replica_1 without username/password.
What CH version do you use?