There are a number of disparate issues around the handling of sensitive properties.
There should be a clear naming strategy to differentiate:
1. component properties that are sensitive (InvokeHTTP password, EncryptContent password etc.)
1. secret framework configuration values (nifi.sensitive.props.key, nifi.security.keystorePasswd, LDAP Manager password, etc.)
This epic regards the first.
- Sensitive component properties should be handled in Expression Language
- Sensitive component properties should be versionable in conjunction with NiFi Registry (this requires distributed key management)
- Dynamic property descriptors on components should be able to be marked as sensitive