  1. Apache NiFi
  2. NIFI-8444 Add Hashicorp Vault Transit Encryption for NiFi Properties
  3. NIFI-8447

Add HashiCorp Vault encryption as an option in the Encrypt Tool


Details

    • Sub-task
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • None
    • 1.14.0
    • None
    • None

    Description

      Add support for a HASHICORP_VAULT_TRANSIT PropertyProtectionScheme in the Encrypt Config Tool that can be configured with a Secrets Engine path and the relevant bootstrap.conf properties. This path will be used in the identifier key: "hashicorp/vault/transit/[path]".

      The bootstrap.conf provided on the command line must be configured with the following relevant properties in order for the encryption to work:

      # HashiCorp Vault Sensitive Property Providers
      nifi.bootstrap.protection.hashicorp.vault.conf=./conf/bootstrap-hashicorp-vault.conf
      

      The contents of bootstrap-hashicorp-vault.conf should be:

      # HashiCorp Vault Sensitive Property Providers (not enabled if the following two properties are not set)
      vault.uri=
      # Must point to a properties file with authentication properties as seen in
      # Spring Vault: https://docs.spring.io/spring-vault/docs/2.3.x/reference/html/#vault.core.environment-vault-configuration
      vault.authentication.properties.file=
      
      # HashiCorp Vault Secrets Engine configuration
      # If set, enables the 'hashicorp/vault/transit/{path}' protection scheme.  Valid characters are alphanumeric, dash, and underscore.
      vault.transit.path=
      
      # Optional HashiCorp Vault configuration
      vault.connection.timeout=5 secs
      vault.read.timeout=15 secs
      vault.ssl.enabledCipherSuites=
      vault.ssl.enabledProtocols=
      vault.ssl.key-store=
      vault.ssl.key-store-type=
      vault.ssl.key-store-password=
      vault.ssl.trust-store=
      vault.ssl.trust-store-type=
      vault.ssl.trust-store-password=
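
A pre-flight check for the file above, as an added example that is not part of the issue or of NiFi's code: it applies the rules stated in the comments (the two required properties, the valid characters for `vault.transit.path`) and derives the resulting scheme identifier. The sample values, the function names and the `http://` check are assumptions made for this example.

```python
import re

# Constructed sample of bootstrap-hashicorp-vault.conf; the URI, file name
# and transit path are placeholders, not values from the issue.
SAMPLE_CONF = """\
# HashiCorp Vault Sensitive Property Providers
vault.uri=https://vault.example.internal:8200
vault.authentication.properties.file=./conf/vault-auth.properties
vault.transit.path=nifi-transit
vault.connection.timeout=5 secs
"""

REQUIRED = ("vault.uri", "vault.authentication.properties.file")
TRANSIT_PATH = re.compile(r"[A-Za-z0-9_-]+")  # alphanumeric, dash, underscore


def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def check_vault_conf(text):
    """Return (scheme identifier or None, list of problems found)."""
    props = parse_properties(text)
    problems = [f"{key} is not set; the provider is not enabled"
                for key in REQUIRED if not props.get(key)]
    path = props.get("vault.transit.path", "")
    if not path:
        problems.append("vault.transit.path is not set; transit scheme is not enabled")
    elif not TRANSIT_PATH.fullmatch(path):
        problems.append(f"vault.transit.path {path!r} has characters outside [A-Za-z0-9_-]")
    # Added hardening check (an assumption, not a rule stated in the issue):
    # Vault credentials and plaintext should not travel over plain HTTP.
    if props.get("vault.uri", "").startswith("http://"):
        problems.append("vault.uri uses http://; use https:// for Vault traffic")
    scheme = None if problems else f"hashicorp/vault/transit/{path}"
    return scheme, problems


if __name__ == "__main__":
    scheme, problems = check_vault_conf(SAMPLE_CONF)
    print(scheme or "\n".join(problems))
```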
      

            People

              jgresock Joe Gresock

                Time Tracking

                  Estimated: Original Estimate - Not Specified
                  Remaining: Remaining Estimate - 0h
                  Logged: Time Spent - 1h 40m