Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-5346

Allow EncryptContent processor to specify PGP key as processor property

    XMLWordPrintableJSON

Details

    Description

      Users have requested the capability to paste the ASCII-armored key contents into an EncryptContent processor property in order to decouple from from an external keyring (for both encryption and decryption).

      The private key would be protected as a sensitive property (encrypted in the flow.xml.gz the same as a password field). The public key can either be protected in the same way, or treated as a plaintext value (it is not sensitive). There should be an additional field to record the unique identifier of the respective key (i.e. key ID or fingerprint + description).

      Specifying all of this information may be confusing on the default processor property dialog, and so an "Advanced"/"PGP" custom UI should be provided which organizes this information in a helpful way.

      Obviously, encrypting with a literal public key or decrypting with a literal private key should be easily interoperable with another encryption/decryption operation (either with another instance of EncryptContent within NiFi referencing an external keyring or using an external tool like GnuPG).

      Attachments

        Issue Links

          Activity

            People

              exceptionfactory David Handermann
              alopresto Andy LoPresto
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 11.5h
                  11.5h