HANA hdbuserstore

The hdbuserstore (hana secure user store) is a tool which comes as an executable with the SAP Hana Client package.

This secure user store allows you to store SAP HANA connection information, including user passwords, securely on clients. With the help of secure store, the client applications can connect to SAP HANA without the user having to enter host name or logon credentials. You can also use the secure store to configure failover support for application servers in a 3-tier scenario (for example, SAP Business Warehouse) by storing a list of all the hosts that the application server can connect to.

To access the system using secure store, there are two connect options: (1)key and (2)virtualHostName. key is the hdbuserstore key that you use to connect to SAP HANA, while virtualHostName specifies the virtual host name.

This option allows you to change where the hdbuserstore searches for the data and key files.

Note: The secure user store can only be used for SQLDBC and JDBC-based connections. As SAP HANA studio is based on eclipse, it uses the Eclipse secure storage instead of hdb secure store.


/usr/sap/hdbclient (Linux/UNIX)

%SystemDrive%\Program Files\sap\hdbclient (Microsoft Windows)


Create a key:

hdbuserstore -i SET <key_name> <hostname>:<port>@<DB Name> <Username> <Password>

key_name - Name you want to give to your key
hostname - Hostname on which DB is installed (can be localhost or ip or virtual host)
port - Port number to be used to connect to DB
Username - User for which you are creating the key
Password - Password of the above existing user
DB Name - Database name in MDC environment
Combination of hostname:port is known as environment and represented as env

Note: It's not mandatory to provide DB name while generating key but it's a good practice to prevent conflicts.

hdbuserstore -i SET X vhabcxyzdb:30213@SYSTEMDB SYSTEM hello@123

Remove a key

hdbuserstore DELETE <key_name>

List all keys

hdbuserstore list

Using key to login

hdbsql -U <key_name>
You can know about other possible operations using hdbuserstore -h command.


Connection information stored in the secure store is saved in the secure store file SSFS_HDB.DAT.

On Microsoft Windows, the path of this file is defined by &ltPROGRAMDATA&gt\.hdb\&ltCOMPUTERNAME&gt\&ltSID&gt

For Linux/UNIX systems, the path is defined by &ltHOME&gt/.hdb/&ltCOMPUTERNAME or HOSTNAME&gt, where HOME is the home folder of sidadm user.

If the path does not already exist, then the hdbuserstore program creates it.
The secure store's content is stored in a platform-dependent way. You cannot copy the secure store from one platform to another platform.


  1. Just to add here you can use hdbuserstore list to check the details and presence of this particular key

  2. Is there a way or script to check all user keys are working in single try?


Post a Comment