Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.13.0
    • Fix Version/s: 1.14.0
    • Component/s: Security
    • Labels:
      None

      Description

      Support for encryption of sensitive properties relies on configuration of the Sensitive Properties Key specified using nifi.sensitive.props.key in nifi.properties.  The default behavior of StringEncryptor allows for the key to be blank and falls back to a default value, logging a verbose error message indicating that an explicit key should be provided.

      The fallback to a default value for the Sensitive Properties Key should be removed and an exception should be thrown indicating that the property value is required.  Deployments that already have an explicit value will not be impacted.  Migration guidance for upgrading should include steps to encrypt the configuration using a new key.

      It may be worthwhile generating a random Sensitive Properties Key for new installations where there is no existing flow.  This would new standalone installations to run with a secure key without the need for manual steps.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                exceptionfactory David Handermann
                Reporter:
                exceptionfactory David Handermann
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 3h 20m
                  3h 20m