Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-5363 Enhance NiFi Toolkit to handle NiFi Registry
  3. NIFI-5364

ConfigEncryptionTool should handle NiFi Registry

    XMLWordPrintableJSON

Details

    Description

      The CET should encrypt sensitive properties for the NiFi Registry.

      The necessary improvements include:

      • the tool should respect the input filename and not generate a hard-coded nifi.properties file as output; if the input file is nifi-registry.properties and no output filename is provided as an argument, the output file should be nifi-registry.properties as well
      • Keys starting with nifi.registry.* should be detected (currently, the list of sensitive properties is hard-coded, so nifi.registry.security.keystorePasswd doesn't get encrypted, for example)
      • nifi.registry.sensitive.props.additional.keys should be detected
      • nifi.sensitive.props.additional.keys must be manually renamed
      • The encrypted output shows 3 protected when only 2 properties are. This is because nifi.sensitive.props.key was generated but did not persist (because it didn't already exist in nifi-registry.properties)
      • nifi.registry.db.password should be detected

      Attachments

        Issue Links

          Is contained by

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. NIFI-5458 Improve NiFi TLS and certificate management

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              alopresto Andy LoPresto
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: