exceptionfactory opened a new pull request, #8978: URL: https://github.com/apache/nifi/pull/8978
# Summary [NIFI-13414](https://issues.apache.org/jira/browse/NIFI-13414) Removes the `nifi-property-protection-api` and associated implementation modules as well as the `nifi-toolkit-encrypt-config` and `minifi-toolkit-encrypt-config` modules. These modules provided encryption and decryption capabilities for application properties in `nifi.properties` and similar configuration files in MiNiFi and NiFi Registry. These changes do not impact the behavior encryption and decryption for sensitive values in flow configuration components. [NIFI-1831](https://issues.apache.org/jira/browse/NIFI-1831) Introduced initial support for application property encryption in NiFi 1.0.0, with acknowledged issues related to having the encryption key stored in a file next to the configuration properties themselves. Although subsequent versions of NiFi introduced support for externalized secrets management, integration with different service providers required large dependency trees and configuration that was specific to each provider. Although the implementation provided some abstraction between interface and implementation, the API was not considered a public extension point, and thus required significant and specialized internal maintenance. With this background, changes for NIFI-13414 remove all references to local and service-based encryption for application properties. This avoids the inherent confusion related to encryption of properties in one file while having the plaintext key in another file in the same directory. Removing these capabilities across NiFi, NiFi Registry, and MiNiFi as part of version 2.0.0 serves to clear the source repository for potential new approaches that avoid the security and implementation concerns of the current approach. These changes remove optional bootstrap configuration files and the `encrypt-config.sh` command from the NiFi Toolkit. The dependency removals reduce the size of the NiFi binary distribution by over 60 MB, removing over 130 JAR files from the `properties` library directory. # Tracking Please complete the following tracking steps prior to pull request creation. ### Issue Tracking - [X] [Apache NiFi Jira](https://issues.apache.org/jira/browse/NIFI) issue created ### Pull Request Tracking - [X] Pull Request title starts with Apache NiFi Jira issue number, such as `NIFI-00000` - [X] Pull Request commit message starts with Apache NiFi Jira issue number, as such `NIFI-00000` ### Pull Request Formatting - [X] Pull Request based on current revision of the `main` branch - [X] Pull Request refers to a feature branch with one commit containing changes # Verification Please indicate the verification steps performed prior to pull request creation. ### Build - [X] Build completed using `mvn clean install -P contrib-check` - [X] JDK 21 ### Licensing - [ ] New dependencies are compatible with the [Apache License 2.0](https://apache.org/licenses/LICENSE-2.0) according to the [License Policy](https://www.apache.org/legal/resolved.html) - [ ] New dependencies are documented in applicable `LICENSE` and `NOTICE` files ### Documentation - [X] Documentation formatting appears as expected in rendered files -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
