[
https://issues.apache.org/jira/browse/NIFI-5458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andy LoPresto updated NIFI-5458:
--------------------------------
Summary: Improve NiFi TLS and certificate management (was: NiFi security
configuration requires substantial knowledge and effort to deploy)
> Improve NiFi TLS and certificate management
> -------------------------------------------
>
> Key: NIFI-5458
> URL: https://issues.apache.org/jira/browse/NIFI-5458
> Project: Apache NiFi
> Issue Type: Epic
> Components: Configuration, Configuration Management, Core Framework,
> Docker, Security
> Affects Versions: 1.7.1
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Major
> Labels: certificate, cluster, encryption, security, tls,
> tls-toolkit
>
> To securely deploy Apache NiFi requires substantial background knowledge,
> applied familiarity with a disparate set of tools and operating systems, and
> disjoint manual effort. The NiFi TLS Toolkit and Encrypt Config Toolkits aim
> to help, but the former is designed for development/sandbox environments, not
> integration with enterprise certificate authorities (CA). In addition, NiFi
> requires tightly coupled security configuration when deploying in a cluster
> environment, and dynamic horizontal scaling is difficult.
> This epic will serve as an aggregator for all individual tickets related to
> an ongoing, holistic effort to streamline, automate, and lower the barrier to
> entry to configuring a secure NiFi deployment.
> * Generating or acquiring signed certificates and converting them to the
> proper format (JKS, PEM, P12, etc.)
> * Integrating with external certificate providers
> * Securing the sensitive configuration values
> * Automating deployment of configuration values
> * Encapsulating/delegating security configuration for containerization efforts
> * Automating deployment of TLS cipher suites and protocol versions
> * Automating mitigation of TLS vulnerabilities
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
