alopresto commented on a change in pull request #4572:
URL: https://github.com/apache/nifi/pull/4572#discussion_r500695287
##########
File path:
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/UnpackContent.java
##########
@@ -145,6 +150,15 @@
.addValidator(StandardValidators.REGULAR_EXPRESSION_VALIDATOR)
.build();
+ public static final PropertyDescriptor PASSWORD = new
PropertyDescriptor.Builder()
+ .name("Password")
+ .displayName("Password")
+ .description("Password used for decrypting archive entries.
Supports Zip files encrypted with ZipCrypto or AES")
+ .required(false)
+ .sensitive(true)
+ .addValidator(StandardValidators.NON_BLANK_VALIDATOR)
Review comment:
Variables (the original approach) wouldn't solve this problem, and full
EL support would only solve it if the password was in a predictable flowfile
attribute, which would need to be populated by some repeatable process (likely
manual). Sensitive parameters solve this at the same level of intervention as
variables, and if there is a repeatable process to determine the password, it
can be persisted to a parameter via an API call.
For a high-volume approach, I think you would need some correlation process
between a specific flowfile `filename` attribute and the corresponding password
via some lookup, and there is no mechanism to support this currently. I am
designing some more advanced key management & sensitive property management
functionality (likely via controller services) for other ongoing efforts, and
these may provide a referenceable model for this requirement as well.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
