[ 
https://issues.apache.org/jira/browse/NIFI-12501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17795960#comment-17795960
 ] 

Marton Szasz edited comment on NIFI-12501 at 12/12/23 11:54 PM:
----------------------------------------------------------------

[~exceptionfactory] The Jira tracking the minifi c++ effort (flow definition 
sensitive property encryption): MINIFICPP-2229 (actually in progress, just not 
updated yet)
The one tracking the feature to encrypt minifi.properties sensitive properties, 
like truststore password or rest api password: MINIFICPP-1323 (done long ago)
In the c++ agent case, bootstrap.conf is only used to store the keys, nothing 
else, and is intended to be only readable by root or the minifi service user, 
so I see little reason to encrypt it. (The keys have to live somewhere anyway.)

[~ferdei] I misunderstood this Jira, thanks for clarifying.


was (Author: szaszm):
[~exceptionfactory] The Jira tracking the minifi c++ effort (flow definition 
sensitive property encryption): MINIFICPP-2229 (actually in progress, just not 
updated yet)
The one tracking the feature to encrypt minifi.properties sensitive properties: 
MINIFICPP-1323 (done long ago)
In the c++ agent case, bootstrap.conf is only used to store the keys, nothing 
else, and is intended to be only readable by root or the minifi service user, 
so I see little reason to encrypt it. (The keys have to live somewhere anyway.)

[~ferdei] I misunderstood this Jira, thanks for clarifying.

> [MiNiFi] Encrypt MiNiFi bootstrap.conf properties
> -------------------------------------------------
>
>                 Key: NIFI-12501
>                 URL: https://issues.apache.org/jira/browse/NIFI-12501
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: MiNiFi
>            Reporter: Ferenc Erdei
>            Assignee: Ferenc Erdei
>            Priority: Major
>              Labels: minifi-java
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Currently, there is no way to encrypt sensitive properties in bootstrap.conf 
> and in the generated minifi.properties file.
> The goal of this story is to make it possible to encrypt sensitive property 
> values in the bootstrap configuration file, and the generated 
> minifi.properties file also should contain only encrypted values.
>  * The supported encryption provider should be AES/GCM.
>  * The encryption key can be defined in the minifi.bootstrap.sensitive.key 
> property
>  * We should provide a tool (minifi-toolkit-encrypt-config) to encrypt the 
> bootstrap.conf properties; we can use the nifi-toolkit-encrypt-config as an 
> inspiration
> Make sure that the solution works with change ingestors and c2 protocol as 
> well



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
