Apache NiFi / NIFI-5458

Improve NiFi TLS and certificate management

Details

    • NiFi security configuration requires substantial knowledge and effort to deploy
    • To Do

    Description

      To securely deploy Apache NiFi requires substantial background knowledge, applied familiarity with a disparate set of tools and operating systems, and disjoint manual effort. The NiFi TLS Toolkit and Encrypt Config Toolkits aim to help, but the former is designed for development/sandbox environments, not integration with enterprise certificate authorities (CA). In addition, NiFi requires tightly coupled security configuration when deploying in a cluster environment, and dynamic horizontal scaling is difficult.

      This epic will serve as an aggregator for all individual tickets related to an ongoing, holistic effort to streamline, automate, and lower the barrier to entry to configuring a secure NiFi deployment.

      • Generating or acquiring signed certificates and converting them to the proper format (JKS, PEM, P12, etc.)
      • Integrating with external certificate providers
      • Securing the sensitive configuration values
      • Automating deployment of configuration values
      • Encapsulating/delegating security configuration for containerization efforts
      • Automating deployment of TLS cipher suites and protocol versions
      • Automating mitigation of TLS vulnerabilities

          People

            alopresto Andy LoPresto

              Time Tracking

                Estimated: Not Specified
                Remaining: 0h
                Logged: 40m