Passwords and Password Plugins

Hop provides password obfuscation as a way to prevent storing passwords as clear text.

Obfuscation is the deliberate act of creating source or machine code that is difficult for humans to understand[1].

With obfuscated passwords, Hop provides a way to store passwords in a way the makes them hard (but not impossible!) to read. Obfuscated passwords are read by Hop and are converted to the original password as late as possible (e.g. to pass to a database when creating a connection).

Password obfuscation in Hop

Obfuscate passwords are stored in Hop metadata with the 'Encrypted' prefix. The example below shows a database connection with an obfuscated password 'abcd.

  "rdbms": {
      "databaseName": "DBNAME",
      "pluginId": "POSTGRESQL",
      "indexTablespace": "",
      "dataTablespace": "",
      "accessType": 0,
      "hostname": "localhost",
      "password": "Encrypted 2be98afc86aa7f2e4cb79ce10df90acde",
      "port": "5432",
      "pluginName": "PostgreSQL",
      "servername": "",
      "attributes": {},
      "username": "dbuser"
  "name": "DBCONN"

Password obfuscation in Hop Server

Obfuscated passwords for Hop Server can be stored in the server’s .pwd file.

In the example below, Hop’s default server hop.pwd contains the username 'cluster' and the default obfuscated passowrd 'cluster' , with the 'OBF:' prefix.

cluster: OBF:1v8w1uh21z7k1ym71z7i1ugo1v9q,default

Password Encryption (Obfuscation) with Hop Encrypt

Check Hop Encrypt for more information on how to obfuscate or encrypt password for use in Hop or Hop Server.

Password plugins

Password handling in Hop can be implemented as plugins.

The following plugin implementations are available: