Joe,
You said "... and then all params, _sensitive or otherwise_ set". This is
not what I observed.
I version controlled a Process Group configured with a Parameter Context
containing one non-sensitive parameter value and one sensitive property
value. Then, I instantiated that version controlled Process Group on a
separate NiFi instance. Only the non-sensitive parameter value was
included. The sensitive parameter value says "No value set".
Further, when I look at what is stored in the Registry, I can confirm the
value for the sensitive parameter is not present. I looked down in the
flow_storage directory at the 2.snapshot file corresponding to the flow in
question. It has:
"parameterContexts" : {
"sample PC" : {
"name" : "sample PC",
"parameters" : [ {
"description" : "",
"name" : "regularParam",
"sensitive" : false,
"value" : "test1"
}, {
"description" : "",
"name" : "sensitiveParam",
"sensitive" : true
} ]
}
Note that there is no "value" for "sensitiveParam"; there is only a "value"
for the non-sensitive parameter.
Both NiFi instances are version 1.10. NiFi registry is version 0.5.0.
-Mark
On Thu, Jan 30, 2020 at 4:51 PM Joe Witt <joe.w...@gmail.com> wrote:
> The initial import of a versioned flow and associated parameter context
> requires setting of sensitive values. This does however provide for rather
> simple configuration of a programmatically pushed flow to an instance and
> then all params, sensitive or otherwise set, and the flow run. As well as
> easy subsequent updates.
>
>
> There is no work in the apache nifi community I am aware of to provide a
> central secrets storage solution.
>
> Thanks
>
> On Thu, Jan 30, 2020 at 4:34 PM Mark Bean <mark.o.b...@gmail.com> wrote:
>
> > When storing a version controlled process group in the NiFi Registry, the
> > relevant Parameter Context will get stored as well. Similarly, when a
> > different NiFi instance instantiates that process group from the
> Registry,
> > the instance creates the Parameter Context so it can be used by the
> > process group.
> >
> > However, if there are parameters in the context with values marked as
> > sensitive, then those values are 1) not stored in NiFi Registry and
> > therefore 2) no value is available on any instance pulling the process
> > group from the Registry.
> >
> > Is there work being done to bridge this gap? Are there any
> recommendations
> > on how to supply the sensitive values?
> >
> > Thanks,
> > Mark
> >
>
