[ https://issues.apache.org/jira/browse/NIFI-13560?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17868100#comment-17868100 ]

ASF subversion and git services commented on NIFI-13560:
--------------------------------------------------------
Commit b0f419be2c6f8d341c7a51fe4cdb388204f05a10 in nifi's branch
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=b0f419be2c ]

NIFI-13560 Changed Parameter Provider handling to avoid storing values (#9102)

- Added ParameterValueMapper for handling serialization of Parameter Values for Flow Configuration
- Added Parameter Group retrieval method for Flow Synchronizer

> Refactor Parameter Provider Value Storage and Retrieval
> -------------------------------------------------------
>
> Key: NIFI-13560
> URL: https://issues.apache.org/jira/browse/NIFI-13560
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Time Spent: 40m
> Remaining Estimate: 0h
>
> The Parameter Provider interface supports extensible integration with various
> services for storing and retrieving sensitive values. The current
> implementation integrates with Parameter Contexts, storing fetched values in
> the persistent flow configuration, with configurable sensitive status. For
> sensitive values, the framework encrypts values using the configured
> sensitive properties key and sensitive properties algorithm.
> Although framework encryption provides a measure of protection for sensitive
> values, persistent storage in the flow configuration effectively changes the
> security posture for centralized management of secrets. This approach
> provides some resilience in the event of communications issues with an
> external secrets storage provider, but changing the security posture is a
> more serious concern. To provide some protection against communication
> issues, the framework should implement memory-based caching of fetched
> parameter values, which should remain available for the duration of the
> application process.
> The current user experience should remain the same, requiring user
> interaction to fetch new parameter values while the system is running.
> However, the framework should fetch current parameter values when starting,
> based on storing a reference in the linked Parameter Context. This strategy
> follows a common implementation pattern in other applications and frameworks,
> preserving control over access to secrets at the system of record.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
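
The design in the issue description above (persist only a reference, fetch values on start, keep them in a memory-based cache that survives a provider outage), as an added Java sketch that is not NiFi's code. `SecretSource`, `ProvidedParameterSketch`, the `provided:` entry format and the sample value are all hypothetical names constructed for illustration.

```java
import java.io.IOException;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class ProvidedParameterSketch {
    // Hypothetical stand-in for the external secrets service (system of record).
    interface SecretSource { Map<String, String> fetchGroup(String group) throws IOException; }

    private final SecretSource source;
    // Fetched values live only in process memory; nothing here is written to disk.
    private final Map<String, Map<String, String>> cache = new ConcurrentHashMap<>();

    ProvidedParameterSketch(SecretSource source) { this.source = source; }

    // What is persisted: a reference (constructed format, not NiFi's), never the value.
    static String toFlowEntry(String group, String name) { return "provided:" + group + "/" + name; }

    // Fetch a group; on failure the values from the last successful fetch stay cached.
    boolean refresh(String group) {
        try {
            cache.put(group, Map.copyOf(source.fetchGroup(group)));
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    // On startup, resolve every persisted reference against the provider.
    void resolveOnStart(List<String> flowEntries) {
        for (String entry : flowEntries) {
            refresh(entry.substring("provided:".length(), entry.indexOf('/')));
        }
    }

    String value(String group, String name) { return cache.getOrDefault(group, Map.of()).get(name); }

    public static void main(String[] args) {
        boolean[] outage = {false};
        ProvidedParameterSketch params = new ProvidedParameterSketch(group -> {
            if (outage[0]) throw new IOException("provider unreachable");
            return Map.of("db.password", "constructed-sample-value");
        });
        String persisted = toFlowEntry("database", "db.password");
        params.resolveOnStart(List.of(persisted));
        outage[0] = true; // simulate a communication failure after startup
        System.out.println(persisted + " refreshed=" + params.refresh("database")
                + " cached=" + (params.value("database", "db.password") != null));
    }
}
```

The persisted entry carries no secret material, so access control stays with the provider; a failed refresh during an outage leaves the previously fetched value usable until the process exits.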