[jira] [Created] (NIFI-9953) The config encryption tool is too complicated to use and can be simplified

Fri, 22 Apr 2022 12:17:05 -0700 

Nathan Gough created NIFI-9953:
----------------------------------

             Summary: The config encryption tool is too complicated to use and 
can be simplified
                 Key: NIFI-9953
                 URL: https://issues.apache.org/jira/browse/NIFI-9953
             Project: Apache NiFi
          Issue Type: Epic
          Components: Tools and Build
    Affects Versions: 1.16.1
            Reporter: Nathan Gough
            Assignee: Nathan Gough


It may be worth creating a new Encrypt Config 2.0 tool rather than converting 
the existing module. This would allow us to eventually deprecate the 1.0 tool 
and not mandate us to maintain backwards compatibility in 2.0.

Goals:
 * Eliminate Groovy
 * Reduce complexity of code and complexity of usage
 * Logical separation of components/modularization

Key design concerns:
 # The tool should be implicit rather than explicit - too many parameter inputs 
has made 1.0 too complex and difficult to use (eg. having to specify every 
single input and output file etc)
 # Should work for current and future products (NiFi, NiFi Registry, MiNiFi etc)
 # Should be atomic/transactional (all files succeed or fail)
 # Should stream read/write the input and output files
 # Should use Java instead of Groovy
 # Should use PicoCLI as a full featured CLI library which allows subcommands 
(https://github.com/remkop/picocli)
 # Concise error and debug logging to allow users to rectify issues
 # Re-evaluate need for any extra modes (eg migrate, key input vs password 
input)

The command interface is expected to look something like this:
{quote}ngough$ ./encrypt-config-2.sh --help

usage: org.apache.nifi.toolkit.encryptconfig2.EncryptConfigMain [-h] [options]

This tool enables easy encryption and decryption of configuration files for 
NiFi and its sub-projects. Given a root NiFi directory, password and scheme it 
will protect all sensitive values within configuration files with the 
key/password. The tool can also decrypt the files given the correct password.

-h,--help           Show usage information (this message)
    --nifiRegistry   Specifies target NiFi Registry. When this flag is not 
included, NiFi is the target. *// Not sure if required*
-v,--verbose        Sets verbose mode (default false)

 

Command examples:

./encrypt-config-2.sh encrypt [root-nifi-dir | root-nifi-registry-dir | 
root-minifi-dir] password scheme [--flowXml]

./encrypt-config-2.sh decrypt root-nifi-dir password

./encrypt-config-2.sh migrate root-nifi-dir oldpassword newpassword [oldscheme 
newscheme]

./encrypt-config-2.sh translate-cli nifi.properties
{quote}



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

Reply via email to