Andy LoPresto created NIFI-5364:
-----------------------------------
Summary: ConfigEncryptionTool should handle NiFi Registry
Key: NIFI-5364
URL: https://issues.apache.org/jira/browse/NIFI-5364
Project: Apache NiFi
Issue Type: Sub-task
Components: Tools and Build
Affects Versions: 1.7.0
Reporter: Andy LoPresto
Assignee: Andy LoPresto
The CET should encrypt sensitive properties for the NiFi Registry.
The necessary improvements include:
* the tool should respect the input filename and not generate a hard-coded
{{nifi.properties}} file as output; if the input file is
{{nifi-registry.properties}} and no output filename is provided as an argument,
the output file should be {{nifi-registry.properties}} as well
* Keys starting with {{nifi.registry.*}} should be detected (currently, the
list of sensitive properties is hard-coded, so
{{nifi.registry.security.keystorePasswd}} doesn't get encrypted, for example)
* {{nifi.registry.sensitive.props.additional.keys}} should be detected
* {{nifi.sensitive.props.additional.keys}} must be manually renamed
* The encrypted output shows *3* protected when only *2* properties are. This
is because {{nifi.sensitive.props.key}} was generated but did not persist
(because it didn't already exist in {{nifi-registry.properties}})
* {{nifi.registry.db.password}} should be detected
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
