[jira] [Commented] (NIFI-12501) [MiNiFi] Encrypt MiNiFi bootstrap.conf properties

Mon, 11 Dec 2023 07:08:35 -0800 


    [ 
https://issues.apache.org/jira/browse/NIFI-12501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17795408#comment-17795408
 ] 

David Handermann commented on NIFI-12501:
-----------------------------------------

[~ferdei] It would be worthwhile to evaluate the option of adding a MiNiFi mode 
to the existing encrypt-config toolkit. The current implementation supports 
both NiFi and NiFi Registry, based on one command line switch that enables 
different arguments. The updated implementation supports generalized 
transformer classes for properties files and XML files to cover standard 
formats. It may not make sense given that MiNiFi already has a separate 
toolkit, but it seems worth a basic evaluation. Alternatively, looking for ways 
to reuse some of the existing components in nifi-toolkit-encrypt-config module 
could be worthwhile.

There are some limitations to the current approach in NiFi itself, but if an 
implementation for MiNiFi follows the same pattern and reuses code, that could 
provide for better refactoring down the road.

> [MiNiFi] Encrypt MiNiFi bootstrap.conf properties
> -------------------------------------------------
>
>                 Key: NIFI-12501
>                 URL: https://issues.apache.org/jira/browse/NIFI-12501
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: MiNiFi
>            Reporter: Ferenc Erdei
>            Assignee: Ferenc Erdei
>            Priority: Major
>              Labels: minifi-java
>
> Currently, there is no way to encrypt sensitive properties in bootstrap.conf 
> and in the generated minifi.properties file.
> The goal of this story is to make it possible to encrypt sensitive property 
> values in the bootstrap configuration file, and the generated 
> minifi.properties file also should contain only encrypted values.
>  * The supported encryption provider should be AES/GCM.
>  * The encryption key can be defined in the minifi.bootstrap.sensitive.key 
> property
>  * We should provide a tool(minifi-toolkit-encrypt-config) to encrypt the 
> bootstrap.conf properties, we can use the nifi-toolkit-encrypt-config as an 
> inspiration
> Make sure that the solution works with change ingestors and c2 protocol as 
> well



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to