[ https://issues.apache.org/jira/browse/NIFI-3024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15690883#comment-15690883 ]

ASF GitHub Bot commented on NIFI-3024:
--------------------------------------

Github user alopresto commented on the issue:

    https://github.com/apache/nifi/pull/1261
  
    @YolandaMDavis caught a tricky one. When performing the migration of 
`flow.xml.gz` with an already-encrypted `nifi.properties` but using the 
`-x`/`--encryptFlowXmlOnly` flag, the new `nifi.sensitive.props.key` value is 
manually encrypted and updated in the `NiFiProperties` object before being 
re-serialized to the file. However, because this was not going through the 
normal "encrypt the entire object" logic, the protection scheme in 
`nifi.sensitive.props.key.protected` was being erased. This resulted in cipher 
text being stored as the key without an indicator of how to decrypt it. 
    
    I added an assertion in the test covering this scenario and was able to 
reproduce immediately. I applied the fix and pushed. Thanks Yolanda. 


> Encrypted configuration migrator should be able to update sensitive 
> properties key and migrate flow.xml.gz
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-3024
>                 URL: https://issues.apache.org/jira/browse/NIFI-3024
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Configuration, Tools and Build
>    Affects Versions: 1.0.0
>            Reporter: Bryan Rosander
>            Assignee: Andy LoPresto
>              Labels: config, encryption, security, serialization
>             Fix For: 1.1.0
>
>
> In order to allow changing of nifi.sensitive.props.key and updating of the 
> flow.xml.gz, the ConfigEncryptionTool should be able to accept a new value 
> for that field and update encrypted values in the flow.xml.gz appropriately.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
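
A consistency check for the state described in the comment above (cipher text stored in a property whose `.protected` sibling carries no scheme), as an added example that is not part of the original message or NiFi's own code. The `||`-delimited Base64 value shape, the `aes/gcm/256` scheme string and all sample property values are assumptions constructed for illustration.

```python
import re

# Assumption: a protected value looks like "<16 Base64 chars of IV>||<Base64 cipher text>".
CIPHERTEXT_RE = re.compile(r"^[A-Za-z0-9+/]{16}\|\|[A-Za-z0-9+/]+={0,2}$")
SUFFIX = ".protected"

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit_protection_markers(text):
    """Return (key, problem) pairs where a value and its .protected sibling disagree."""
    props = parse_properties(text)
    findings = []
    for key, value in sorted(props.items()):
        if key.endswith(SUFFIX):
            continue  # siblings are checked through the key they describe
        scheme = props.get(key + SUFFIX, "")
        looks_encrypted = bool(CIPHERTEXT_RE.match(value))
        if looks_encrypted and not scheme:
            # The case from the comment: nothing says how to decrypt the value.
            findings.append((key, "ciphertext without protection scheme"))
        elif scheme and not looks_encrypted:
            # Inverse mismatch (heuristic): scheme present, value not in the assumed shape.
            findings.append((key, "scheme set but value is not ciphertext"))
    return findings

# Constructed sample: scheme entry erased after the key was re-encrypted.
BROKEN = """
nifi.sensitive.props.key=AAAAAAAAAAAAAAAA||c2FtcGxlY2lwaGVydGV4dA==
nifi.web.http.port=8080
"""

# Constructed sample: same value with its scheme entry kept.
FIXED = BROKEN + "nifi.sensitive.props.key.protected=aes/gcm/256\n"

if __name__ == "__main__":
    for name, sample in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit_protection_markers(sample))
```

Running a check like this over the re-serialized file after a migration turns the erased-scheme case into an explicit finding instead of a decryption failure at startup.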
