David Handermann created NIFI-8230:
--------------------------------------
Summary: Remove default Sensitive Properties Key
Key: NIFI-8230
URL: https://issues.apache.org/jira/browse/NIFI-8230
Project: Apache NiFi
Issue Type: Sub-task
Components: Security
Affects Versions: 1.13.0
Reporter: David Handermann
Support for encryption of sensitive properties relies on configuration of the
Sensitive Properties Key specified using {{nifi.sensitive.props.key}} in
{{nifi.properties}}. The default behavior of {{StringEncryptor}} allows for
the key to be blank and falls back to a default value, logging a verbose error
message indicating that an explicit key should be provided.
The fallback to a default value for the Sensitive Properties Key should be
removed and an exception should be thrown indicating that the property value is
required. Deployments that already have an explicit value will not be
impacted. Migration guidance for upgrading should include steps to encrypt the
configuration using a new key.
It may be worthwhile generating a random Sensitive Properties Key for new
installations where there is no existing flow. This would new standalone
installations to run with a secure key without the need for manual steps.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
