Details
-
Improvement
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
None
-
None
-
None
Description
Current terminology for some encryption capabilities within NiFi creates unnecessary confusion due to reusing similar words. NiFi supports the following property encryption capabilities:
1. Encryption of values in nifi.properties using the SensitivePropertyProvider interface and implementations
2. Encryption of property values in flow components using the PropertyEncryptor interface and implementations
The following two property names in nifi.properties define the behavior of flow component property encryption:
1. nifi.sensitive.props.key
2. nifi.sensitive.props.algorithm
Although these two property names predate the SensitivePropertyProvider interface, changing these property names would clarify their purpose within the framework.
Introducing new property names should maintain backward compatibility. In light of the fact that nifi.sensitive.props.key serves as the source for a key derivation function, this might be better described as a password or passphrase.
Potential options for renaming these properties include the following:
1. nifi.flow.property.encryption.password
2. nifi.flow.property.encryption.algorithm
These property names provide a strong association with NiFi Flow component properties and avoid potential confusion associated with SensitivePropertyProvider capabilities.