[
https://issues.apache.org/jira/browse/NIFI-12501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17795417#comment-17795417
]
David Handermann commented on NIFI-12501:
-----------------------------------------
Thanks for the additional background [~ferdei]. With that understanding, I
agree that attempting to extend the current nifi-toolkit-encrypt-config as it
stands does not sound like a good solution.

Thanks for the note [~szaszm], is there a Jira to track the effort for MiNiFi
C++? That sounds like a better approach in general.

[~ferdei] In light of the fact that MiNiFi Java is already different enough
from NiFi and NiFi Registry to warrant a separate implementation, I think it
would be helpful to provide a basic outline of the implementation strategy. It
could be in this Jira issue itself, but the order of operations and processing
is very important when it comes to implementing encryption operations. It would
be best to have the general steps outlined before putting together a pull
request, otherwise, it may require some things to be reworked in the course
of the review. This is not an absolute requirement, but given the potential
complexities, it seems like it would be helpful to provide a few more details
of the proposed implementation to help the pull request review go more smoothly.
> [MiNiFi] Encrypt MiNiFi bootstrap.conf properties
> -------------------------------------------------
>
> Key: NIFI-12501
> URL: https://issues.apache.org/jira/browse/NIFI-12501
> Project: Apache NiFi
> Issue Type: Improvement
> Components: MiNiFi
> Reporter: Ferenc Erdei
> Assignee: Ferenc Erdei
> Priority: Major
> Labels: minifi-java
>
> Currently, there is no way to encrypt sensitive properties in bootstrap.conf
> and in the generated minifi.properties file.
> The goal of this story is to make it possible to encrypt sensitive property
> values in the bootstrap configuration file, and the generated
> minifi.properties file also should contain only encrypted values.
> * The supported encryption provider should be AES/GCM.
> * The encryption key can be defined in the minifi.bootstrap.sensitive.key
> property.
> * We should provide a tool (minifi-toolkit-encrypt-config) to encrypt the
> bootstrap.conf properties; we can use the nifi-toolkit-encrypt-config as an
> inspiration.
> Make sure that the solution works with change ingestors and c2 protocol as
> well