fgerlits commented on a change in pull request #914:
URL: https://github.com/apache/nifi-minifi-cpp/pull/914#discussion_r498101379
##########
File path: main/MiNiFiMain.cpp
##########
@@ -208,6 +238,10 @@ int main(int argc, char **argv) {
configure->setHome(minifiHome);
configure->loadConfigureFile(DEFAULT_NIFI_PROPERTIES_FILE);
+ if (containsEncryptedProperties(*configure)) {
+ decryptSensitiveProperties(*configure, minifiHome, *logger);
Review comment:
Ouch. Yes, that is a serious problem.
EDIT: as discussed, persisting the `Configure` object doesn't work at the
moment, due to a bug: new properties are added to the `minifi.properties` file,
but existing and modified properties are not updated. So the decrypted
sensitive properties cannot be leaked right now.
I think the best long-term solution would be not to update the sensitive
values in the `Configure` object, but store the key instead, and decrypt the
sensitive values on the fly in the getter function.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
