Details
-
Sub-task
-
Status: Resolved
-
Major
-
Resolution: Incomplete
-
1.7.0
-
None
Description
The CET should encrypt sensitive properties for the NiFi Registry.
The necessary improvements include:
- the tool should respect the input filename and not generate a hard-coded nifi.properties file as output; if the input file is nifi-registry.properties and no output filename is provided as an argument, the output file should be nifi-registry.properties as well
- Keys starting with nifi.registry.* should be detected (currently, the list of sensitive properties is hard-coded, so nifi.registry.security.keystorePasswd doesn't get encrypted, for example)
- nifi.registry.sensitive.props.additional.keys should be detected
- nifi.sensitive.props.additional.keys must be manually renamed
- The encrypted output shows 3 protected when only 2 properties are. This is because nifi.sensitive.props.key was generated but did not persist (because it didn't already exist in nifi-registry.properties)
- nifi.registry.db.password should be detected
Attachments
Issue Links
- Is contained by
-
NIFI-5458 Improve NiFi TLS and certificate management
- Resolved