[
https://issues.apache.org/jira/browse/NIFI-12501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17795414#comment-17795414
]
Marton Szasz commented on NIFI-12501:
-------------------------------------
In MiNiFi C++, the approach will be to encrypt unencrypted sensitive properties
in the flow definition on startup, but also provide a tool (encrypt-config
option) to change them without ever writing the unencrypted value to disk.
[~fgerlits] is working on the minifi c++ effort.
> [MiNiFi] Encrypt MiNiFi bootstrap.conf properties
> -------------------------------------------------
>
> Key: NIFI-12501
> URL: https://issues.apache.org/jira/browse/NIFI-12501
> Project: Apache NiFi
> Issue Type: Improvement
> Components: MiNiFi
> Reporter: Ferenc Erdei
> Assignee: Ferenc Erdei
> Priority: Major
> Labels: minifi-java
>
> Currently, there is no way to encrypt sensitive properties in bootstrap.conf
> and in the generated minifi.properties file.
> The goal of this story is to make it possible to encrypt sensitive property
> values in the bootstrap configuration file, and the generated
> minifi.properties file also should contain only encrypted values.
> * The supported encryption provider should be AES/GCM.
> * The encryption key can be defined in the minifi.bootstrap.sensitive.key
> property
> * We should provide a tool(minifi-toolkit-encrypt-config) to encrypt the
> bootstrap.conf properties, we can use the nifi-toolkit-encrypt-config as an
> inspiration
> Make sure that the solution works with change ingestors and c2 protocol as
> well
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
