[jira] [Commented] (NIFI-8447) Add Vault encryption as an option in the Encrypt Tool

Tue, 27 Apr 2021 12:43:06 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-8447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17333513#comment-17333513
 ] 

Joseph Gresock commented on NIFI-8447:
--------------------------------------

[~jfrazee] Are you using the term "vault" in a more generic way than just 
"HashiCorp Vault"?  Perhaps that's demonstrating the ambiguity of the term.  We 
could be more specific, like nifi.sensitive.props.hashicorp.vault.uri, and then 
the "encryption method" option in the Encrypt Tool would be "hashicorp-vault".

> Add Vault encryption as an option in the Encrypt Tool
> -----------------------------------------------------
>
>                 Key: NIFI-8447
>                 URL: https://issues.apache.org/jira/browse/NIFI-8447
>             Project: Apache NiFi
>          Issue Type: Sub-task
>            Reporter: Joseph Gresock
>            Priority: Minor
>
> Using the StandardVaultCommunicationService, add options to the Encrypt Tool 
> in nifi-toolkit for the following:
>  # Select encryption method (aes/gcm vs. vault)
>  # Select vault configuration (recommended as a 
> vault-configuration.properties file, since there are so many configuration 
> properties).  Vault configuration properties include: 
> {code}
> nifi.sensitive.props.vault.uri=
> nifi.sensitive.props.vault.transit.key=
> nifi.sensitive.props.vault.auth.properties.file=
> # Optional TLS options if addr is https
> nifi.security.keystore=
> nifi.security.keystoreType=
> nifi.security.keystorPasswd=
> nifi.security.keyPasswd=
> nifi.security.truststore=
> nifi.security.truststoreType=
> nifi.security.truststorePasswd=
> {code}
> Selecting vault encryption method should set the encryption value in XML 
> files or the *.protected property in properties files to "vault/[transitKey]"
> A transitKey represents a distinct Vault configuration of encryption settings.
> Additionally, the corresponding nifi.sensitive.props.vault.* properties 
> should be configured in the resulting nifi.properties file so that the NiFi 
> instance can use the same Vault configuration.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to