Github user kevdoran commented on a diff in the pull request:

    https://github.com/apache/nifi-registry/pull/89#discussion_r165668227
  
    --- Diff: nifi-registry-docker/dockerhub/sh/secure.sh ---
    @@ -0,0 +1,56 @@
    +#!/bin/sh -e
    +
    +#    Licensed to the Apache Software Foundation (ASF) under one or more
    +#    contributor license agreements.  See the NOTICE file distributed with
    +#    this work for additional information regarding copyright ownership.
    +#    The ASF licenses this file to You under the Apache License, Version 
2.0
    +#    (the "License"); you may not use this file except in compliance with
    +#    the License.  You may obtain a copy of the License at
    +#
    +#       http://www.apache.org/licenses/LICENSE-2.0
    +#
    +#    Unless required by applicable law or agreed to in writing, software
    +#    distributed under the License is distributed on an "AS IS" BASIS,
    +#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 
implied.
    +#    See the License for the specific language governing permissions and
    +#    limitations under the License.
    +
    +scripts_dir='/opt/nifi-registry/scripts'
    +
    +[ -f "${scripts_dir}/common.sh" ] && . "${scripts_dir}/common.sh"
    +
    +# Perform idempotent changes of configuration to support secure 
environments
    +echo 'Configuring environment with SSL settings'
    +
    +: ${KEYSTORE_PATH:?"Must specify an absolute path to the keystore being 
used."}
    +if [ ! -f "${KEYSTORE_PATH}" ]; then
    +    echo "Keystore file specified (${KEYSTORE_PATH}) does not exist."
    +    exit 1
    +fi
    +: ${KEYSTORE_TYPE:?"Must specify the type of keystore (JKS, PKCS12, PEM) 
of the keystore being used."}
    +: ${KEYSTORE_PASSWORD:?"Must specify the password of the keystore being 
used."}
    +
    +: ${TRUSTSTORE_PATH:?"Must specify an absolute path to the truststore 
being used."}
    +if [ ! -f "${TRUSTSTORE_PATH}" ]; then
    +    echo "Keystore file specified (${TRUSTSTORE_PATH}) does not exist."
    +    exit 1
    +fi
    +: ${TRUSTSTORE_TYPE:?"Must specify the type of truststore (JKS, PKCS12, 
PEM) of the truststore being used."}
    +: ${TRUSTSTORE_PASSWORD:?"Must specify the password of the truststore 
being used."}
    +
    +prop_replace 'nifi.registry.security.keystore'           "${KEYSTORE_PATH}"
    +prop_replace 'nifi.registry.security.keystoreType'       "${KEYSTORE_TYPE}"
    +prop_replace 'nifi.registry.security.keystorePasswd'     
"${KEYSTORE_PASSWORD}"
    --- End diff --
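
Review bot: The error message inside the truststore existence check (`if [ ! -f "${TRUSTSTORE_PATH}" ]`) still reads "Keystore file specified (...) does not exist.", carried over from the keystore check above it. It should say "Truststore file specified", so that an operator who mounted the wrong truststore is not sent to debug the keystore. Separately, `[ -f "${scripts_dir}/common.sh" ] && . "${scripts_dir}/common.sh"` does not abort when common.sh is missing, even under `sh -e`, because a failing left-hand side of `&&` is exempt from errexit. The script would then pass all the variable checks and fail only at the first `prop_replace` call, which is not defined in the visible part of this file. Sourcing the file unconditionally, or exiting with an explicit message when it is absent, would surface the problem at the top.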
    
    Noticed we don't have a way to specify 
`nifi.registry.security.keystorePasswd` through env variables. This is the case 
for the NiFi docker image as well. The default behavior on startup is to use 
the keystorePasswd as the keyPasswd, and I think that is good for most use 
cases, but at some point it might be nice to add the ability to set 
`nifi.registry.security.keyPasswd` via the env var KEY_PASSWORD. Can add that 
as an enhancement for NiFi as well.

