[ https://issues.apache.org/jira/browse/NIFI-9965?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17527734#comment-17527734 ]
Nathan Gough commented on NIFI-9965:
------------------------------------
Hey Emilio,

I am working on rebuilding the config encryption tool and part of that will be
to encrypt the flow.xml.gz, so I expect the work I am doing will follow from
yours. I might relate the two tickets or assign this as a sub-task of
https://issues.apache.org/jira/browse/NIFI-9953 to track any significant
changes in your work contributing to mine.

I have thought that potentially we could look at using XML attributes to
identify fields (or the equivalent in JSON) rather than the current method of
searching for 'enc{}'. The same approach could then be made in other encrypted
files such as login-identity-providers.xml which I have started looking at
(which currently uses some Groovy code to match on 'Password' or 'Secret' in
ConfigEncryptionTool.groovy).
> Refactor encryption and decryption of sensitive flow properties
> ---------------------------------------------------------------
>
> Key: NIFI-9965
> URL: https://issues.apache.org/jira/browse/NIFI-9965
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Security
> Reporter: Emilio Setiadarma
> Assignee: Emilio Setiadarma
> Priority: Minor
>
> Sensitive flow properties are typically encrypted in flow.xml.gz as
> `enc{ciphertext}`. Decryption is also not standardized, but used in various
> components, `StandardFlowComparator` and `FlowFromDOMFactory` to name a few.
> This issue is an effort to standardize the way these values are encrypted and
> decrypted. This issue also aims to introduce an encryption format that more
> clearly identifies the underlying sensitive properties algorithm used.
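Added example (not part of the original thread and not NiFi's own code): the two ways of identifying encrypted fields that the comment contrasts, matching on the enc{...} value pattern versus reading an explicit XML attribute. Both sample documents are constructed, and the `encryption` attribute and its `EXAMPLE_AES_GCM` value are hypothetical names chosen for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the legacy style: ciphertext is wrapped as enc{...}.
# "Label" is a non-sensitive property whose literal text happens to look the same.
LEGACY = """<processor>
  <property><name>Password</name><value>enc{a1b2c3d4}</value></property>
  <property><name>Label</name><value>enc{cafe}</value></property>
  <property><name>Hostname</name><value>db.example.internal</value></property>
</processor>"""

# The same constructed flow with a hypothetical "encryption" attribute that
# marks the field and names the scheme; the value holds only the ciphertext.
MARKED = """<processor>
  <property><name>Password</name><value encryption="EXAMPLE_AES_GCM">a1b2c3d4</value></property>
  <property><name>Label</name><value>enc{cafe}</value></property>
  <property><name>Hostname</name><value>db.example.internal</value></property>
</processor>"""

ENC_PATTERN = re.compile(r"enc\{([0-9a-fA-F]+)\}")


def find_by_pattern(xml_text):
    """Content-based detection: any value shaped like enc{hex} is treated as encrypted."""
    hits = []
    for prop in ET.fromstring(xml_text).iter("property"):
        match = ENC_PATTERN.fullmatch(prop.findtext("value") or "")
        if match:
            hits.append((prop.findtext("name"), match.group(1)))
    return hits


def find_by_attribute(xml_text):
    """Metadata-based detection: only values carrying the attribute are encrypted."""
    hits = []
    for prop in ET.fromstring(xml_text).iter("property"):
        value = prop.find("value")
        if value is not None and "encryption" in value.attrib:
            hits.append((prop.findtext("name"), value.get("encryption"), value.text))
    return hits


if __name__ == "__main__":
    # Pattern matching cannot tell the literal Label text from real ciphertext.
    print(find_by_pattern(LEGACY))
    # The attribute identifies exactly one field and the scheme that protects it.
    print(find_by_attribute(MARKED))
```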