[ 
https://issues.apache.org/jira/browse/NIFI-8447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joseph Gresock updated NIFI-8447:
---------------------------------
    Description: 
Add support for a HASHICORP_VAULT_TRANSIT PropertyProtectionScheme in the 
Encrypt Config Tool that can be configured with a Secrets Engine path and the 
relevant bootstrap.conf properties.  This path will be used in the identifier 
key: "hashicorp/vault/transit/[path]"

The bootstrap.conf provided in the command line must be configured with the 
following relevant properties in order for the encryption to work:

{code}
# HashiCorp Vault Sensitive Property Providers
nifi.bootstrap.protection.hashicorp.vault.conf=./conf/bootstrap-hashicorp-vault.conf
{code}

The contents of bootstrap-hashicorp-vault.conf should be:

{code}
# HashiCorp Vault Sensitive Property Providers (not enabled if the following two properties are not set)
vault.uri=
# Must point to a properties file with authentication properties as seen in
# Spring Vault: https://docs.spring.io/spring-vault/docs/2.3.x/reference/html/#vault.core.environment-vault-configuration
vault.authPropertiesFilename=

# HashiCorp Vault Secrets Engine configuration
# If set, enables the 'hashicorp/vault/transit/{path}' protection scheme.  Valid characters are alphanumeric, dash, and underscore.
vault.transit.path=

# Optional HashiCorp Vault configuration
vault.connection.timeout=5 secs
vault.read.timeout=15 secs
vault.ssl.enabledCipherSuites=
vault.ssl.enabledProtocols=
vault.ssl.key-store=
vault.ssl.key-store-type=
vault.ssl.key-store-password=
vault.ssl.trust-store=
vault.ssl.trust-store-type=
vault.ssl.trust-store-password=
{code}

  was:
Add support for a HASHICORP_VAULT_TRANSIT PropertyProtectionScheme in the 
Encrypt Config Tool that can be configured with a Secrets Engine path and the 
relevant bootstrap.conf properties.  This path will be used in the identifier 
key: "vault/transit/[path]"

The bootstrap.conf provided in the command line must be configured with the 
following relevant properties in order for the encryption to work:

{code}
# HashiCorp Vault Sensitive Property Provider (not enabled if the following two properties are not set)
nifi.bootstrap.sensitive.props.hashicorp.vault.uri=
nifi.bootstrap.sensitive.props.hashicorp.vault.auth.props.file=

# HashiCorp Vault Secrets Engine configuration
# If set, enables PropertyProtectionScheme.HASHICORP_VAULT_TRANSIT
nifi.bootstrap.sensitive.props.hashicorp.vault.transit.path=

# Optional HashiCorp Vault configuration
nifi.bootstrap.sensitive.props.hashicorp.vault.connection.timeout=5 secs
nifi.bootstrap.sensitive.props.hashicorp.vault.read.timeout=15 secs
nifi.bootstrap.sensitive.props.hashicorp.vault.enabled.tls.cipher.suites=
nifi.bootstrap.sensitive.props.hashicorp.vault.enabled.tls.protocols=
nifi.bootstrap.sensitive.props.hashicorp.vault.keystore=
nifi.bootstrap.sensitive.props.hashicorp.vault.keystoreType=
nifi.bootstrap.sensitive.props.hashicorp.vault.keystorePasswd=
nifi.bootstrap.sensitive.props.hashicorp.vault.truststore=
nifi.bootstrap.sensitive.props.hashicorp.vault.truststoreType=
nifi.bootstrap.sensitive.props.hashicorp.vault.truststorePasswd=
{code}


> Add HashiCorp Vault encryption as an option in the Encrypt Tool
> ---------------------------------------------------------------
>
>                 Key: NIFI-8447
>                 URL: https://issues.apache.org/jira/browse/NIFI-8447
>             Project: Apache NiFi
>          Issue Type: Sub-task
>            Reporter: Joseph Gresock
>            Priority: Minor
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Add support for a HASHICORP_VAULT_TRANSIT PropertyProtectionScheme in the 
> Encrypt Config Tool that can be configured with a Secrets Engine path and the 
> relevant bootstrap.conf properties.  This path will be used in the identifier 
> key: "hashicorp/vault/transit/[path]"
> The bootstrap.conf provided in the command line must be configured with the 
> following relevant properties in order for the encryption to work:
> {code}
> # HashiCorp Vault Sensitive Property Providers
> nifi.bootstrap.protection.hashicorp.vault.conf=./conf/bootstrap-hashicorp-vault.conf
> {code}
> The contents of bootstrap-hashicorp-vault.conf should be:
> {code}
> # HashiCorp Vault Sensitive Property Providers (not enabled if the following two properties are not set)
> vault.uri=
> # Must point to a properties file with authentication properties as seen in
> # Spring Vault: https://docs.spring.io/spring-vault/docs/2.3.x/reference/html/#vault.core.environment-vault-configuration
> vault.authPropertiesFilename=
> # HashiCorp Vault Secrets Engine configuration
> # If set, enables the 'hashicorp/vault/transit/{path}' protection scheme.  Valid characters are alphanumeric, dash, and underscore.
> vault.transit.path=
> # Optional HashiCorp Vault configuration
> vault.connection.timeout=5 secs
> vault.read.timeout=15 secs
> vault.ssl.enabledCipherSuites=
> vault.ssl.enabledProtocols=
> vault.ssl.key-store=
> vault.ssl.key-store-type=
> vault.ssl.key-store-password=
> vault.ssl.trust-store=
> vault.ssl.trust-store-type=
> vault.ssl.trust-store-password=
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
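
A pre-flight check for the bootstrap-hashicorp-vault.conf described in the issue, as an added example that is not NiFi code or part of the original message. It applies only the rules stated in the description (both vault.uri and vault.authPropertiesFilename must be set, and vault.transit.path may contain only alphanumerics, dash, and underscore) and flags lines that are not known properties, such as a comment that lost its '#' when wrapped. The function names, the sample host, and the sample file names are assumptions.

```python
import re

# Keys from the bootstrap-hashicorp-vault.conf template in the issue description.
KNOWN_KEYS = {
    "vault.uri", "vault.authPropertiesFilename", "vault.transit.path",
    "vault.connection.timeout", "vault.read.timeout",
    "vault.ssl.enabledCipherSuites", "vault.ssl.enabledProtocols",
    "vault.ssl.key-store", "vault.ssl.key-store-type", "vault.ssl.key-store-password",
    "vault.ssl.trust-store", "vault.ssl.trust-store-type", "vault.ssl.trust-store-password",
}
REQUIRED = ("vault.uri", "vault.authPropertiesFilename")
PATH_RE = re.compile(r"[A-Za-z0-9_-]+")  # alphanumeric, dash, underscore

# Constructed sample: line 2 is a comment that lost its '#' when wrapped.
SAMPLE = """\
# HashiCorp Vault Sensitive Property Providers (not enabled if the following
two properties are not set)
vault.uri=https://vault.example.test:8200
vault.authPropertiesFilename=./conf/vault-auth.properties
vault.transit.path=nifi-transit
vault.read.timeout=15 secs
"""

def parse_properties(text):
    """Minimal key=value parser (assumes no line continuations or escapes)."""
    props, stray = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() in KNOWN_KEYS:
            props[key.strip()] = value.strip()
        else:
            stray.append(f"line {n}: not a known property: {line!r}")
    return props, stray

def check_vault_conf(text):
    """Return (protection scheme identifier or None, list of findings)."""
    props, findings = parse_properties(text)
    missing = [k for k in REQUIRED if not props.get(k)]
    if missing:
        findings.append("provider not enabled, unset: " + ", ".join(missing))
    path = props.get("vault.transit.path", "")
    if not path:
        findings.append("vault.transit.path unset: transit scheme not enabled")
    elif not PATH_RE.fullmatch(path):
        findings.append(f"vault.transit.path {path!r}: invalid characters")
    ok = not missing and PATH_RE.fullmatch(path)
    return (f"hashicorp/vault/transit/{path}" if ok else None), findings
```

Calling check_vault_conf(SAMPLE) returns the identifier key for the configured path together with one finding for the stray line 2.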
