diff --git a/src/java/org/apache/sqoop/SqoopOptions.java b/src/java/org/apache/sqoop/SqoopOptions.java
index fc3d847e..e4eb2f20 100644
--- a/src/java/org/apache/sqoop/SqoopOptions.java
+++ b/src/java/org/apache/sqoop/SqoopOptions.java
@@ -33,6 +33,7 @@
 import org.apache.sqoop.accumulo.AccumuloConstants;
 import org.apache.sqoop.util.CredentialsUtil;
 import org.apache.sqoop.util.LoggingUtils;
+import org.apache.sqoop.util.password.CredentialProviderHelper;
 import org.apache.sqoop.validation.AbortOnFailureHandler;
 import org.apache.sqoop.validation.AbsoluteValidationThreshold;
 import org.apache.sqoop.validation.RowCountValidator;
@@ -677,6 +678,16 @@ private void loadPasswordProperty(Properties props) {
       }
     }
 
+    passwordAlias = props.getProperty("db.password.alias");
+    if (passwordAlias != null) {
+      try {
+        setPassword(CredentialProviderHelper.resolveAlias(getConf(), passwordAlias));
+        return; // short-circuit
+      } catch (IOException e) {
+        throw new RuntimeException("Unable to resolve credentials.", e);
+      }
+    }
+
     if (getBooleanProperty(props, "db.require.password", false)) {
       // The user's password was stripped out from the metastore.
       // Require that the user enter it now.
@@ -753,6 +764,11 @@ private void writePasswordProperty(Properties props) {
       return;
     }
 
+    if (getPasswordAlias() != null) { // short-circuit
+      putProperty(props, "db.password.alias", getPasswordAlias());
+      return;
+    }
+
     if (this.getConf().getBoolean(
       METASTORE_PASSWORD_KEY, METASTORE_PASSWORD_DEFAULT)) {
       // If the user specifies, we may store the password in the metastore.