[
https://issues.apache.org/jira/browse/NIFI-8448?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joseph Gresock updated NIFI-8448:
---------------------------------
Description:
Implement a HashiCorpVaultTransitSensitivePropertiesProvider that can be
configured with a Secrets Engine path and the relevant bootstrap.conf
properties. This path will be used in the identifierKey: "vault/transit/[path]"
This SPP should configure a StandardHashiCorpVaultCommunicationService using
the following bootstrap.conf properties:
{code}
# HashiCorp Vault Sensitive Property Provider (not enabled if the following two
properties are not set)
nifi.bootstrap.sensitive.props.hashicorp.vault.uri=
nifi.bootstrap.sensitive.props.hashicorp.vault.auth.props.file=
# HashiCorp Vault Secrets Engine configuration
# If set, enables PropertyProtectionScheme.HASHICORP_VAULT_TRANSIT
nifi.bootstrap.sensitive.props.hashicorp.vault.transit.path=
# Optional HashiCorp Vault configuration
nifi.bootstrap.sensitive.props.hashicorp.vault.connection.timeout=5 secs
nifi.bootstrap.sensitive.props.hashicorp.vault.read.timeout=15 secs
nifi.bootstrap.sensitive.props.hashicorp.vault.enabled.tls.cipher.suites=
nifi.bootstrap.sensitive.props.hashicorp.vault.enabled.tls.protocols=
nifi.bootstrap.sensitive.props.hashicorp.vault.keystore=
nifi.bootstrap.sensitive.props.hashicorp.vault.keystoreType=
nifi.bootstrap.sensitive.props.hashicorp.vault.keystorePasswd=
nifi.bootstrap.sensitive.props.hashicorp.vault.truststore=
nifi.bootstrap.sensitive.props.hashicorp.vault.truststoreType=
nifi.bootstrap.sensitive.props.hashicorp.vault.truststorePasswd=
{code}
was:
Implement a HashiCorpVaultSensitivePropertiesProvider (HVSPP) that can be
configured with a transitKey String and the relevant nifi.properties. This
transitKey will be used in the identifierKey: "vault/[transitKey]"
The HVSPP should configure a StandardCorpCommunicationService using the
following nifi.properties:
{code}
nifi.sensitive.props.hashicorp.vault.uri=
nifi.sensitive.props.hashicorp.vault.auth.properties.file=
# Use TLS configuration if uri is https
nifi.security.keystore=
nifi.security.keystoreType=
nifi.security.keystorPasswd=
nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
{code}
> Add HashiCorpVaultTransitSensitivePropertiesProvider
> ----------------------------------------------------
>
> Key: NIFI-8448
> URL: https://issues.apache.org/jira/browse/NIFI-8448
> Project: Apache NiFi
> Issue Type: Sub-task
> Reporter: Joseph Gresock
> Priority: Minor
>
> Implement a HashiCorpVaultTransitSensitivePropertiesProvider that can be
> configured with a Secrets Engine path and the relevant bootstrap.conf
> properties. This path will be used in the identifierKey:
> "vault/transit/[path]"
> This SPP should configure a StandardHashiCorpVaultCommunicationService using
> the following bootstrap.conf properties:
> {code}
> # HashiCorp Vault Sensitive Property Provider (not enabled if the following
> two properties are not set)
> nifi.bootstrap.sensitive.props.hashicorp.vault.uri=
> nifi.bootstrap.sensitive.props.hashicorp.vault.auth.props.file=
> # HashiCorp Vault Secrets Engine configuration
> # If set, enables PropertyProtectionScheme.HASHICORP_VAULT_TRANSIT
> nifi.bootstrap.sensitive.props.hashicorp.vault.transit.path=
> # Optional HashiCorp Vault configuration
> nifi.bootstrap.sensitive.props.hashicorp.vault.connection.timeout=5 secs
> nifi.bootstrap.sensitive.props.hashicorp.vault.read.timeout=15 secs
> nifi.bootstrap.sensitive.props.hashicorp.vault.enabled.tls.cipher.suites=
> nifi.bootstrap.sensitive.props.hashicorp.vault.enabled.tls.protocols=
> nifi.bootstrap.sensitive.props.hashicorp.vault.keystore=
> nifi.bootstrap.sensitive.props.hashicorp.vault.keystoreType=
> nifi.bootstrap.sensitive.props.hashicorp.vault.keystorePasswd=
> nifi.bootstrap.sensitive.props.hashicorp.vault.truststore=
> nifi.bootstrap.sensitive.props.hashicorp.vault.truststoreType=
> nifi.bootstrap.sensitive.props.hashicorp.vault.truststorePasswd=
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
