[jira] [Commented] (NIFI-5540) NiFi does not start in cluster mode without sensitive key explicitly defined

Tue, 21 Aug 2018 21:08:24 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-5540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16588359#comment-16588359
 ] 

ASF GitHub Bot commented on NIFI-5540:
--------------------------------------

Github user alopresto commented on the issue:

    https://github.com/apache/nifi/pull/2959
  
    As discovered by @bbende , I introduced a bug in my commit 
[f60585a](https://github.com/apache/nifi/commit/f60585a9b6df6b3b28be1eb80a0a60deac6c0493#diff-882d0904bb315ac8a455aec69e6d44d8)
 as part of [PR 2841](https://github.com/apache/nifi/pull/2841) for 
[NIFI-5376](https://issues.apache.org/jira/browse/NIFI-5376) which stops 
cluster startup if no `nifi.sensitive.props.key` value is entered in 
`nifi.properties`. Previously, a default static value is used (all docs 
indicate this should *not* be relied on and a custom, unique value should be 
provided at deployment time), but this is an unintentional regression and was 
not documented. 
    
    This fix prints a warning to the log if no value is provided but restores 
the previous functionality of using the default. 


> NiFi does not start in cluster mode without sensitive key explicitly defined
> ----------------------------------------------------------------------------
>
>                 Key: NIFI-5540
>                 URL: https://issues.apache.org/jira/browse/NIFI-5540
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.7.1
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>            Priority: Major
>              Labels: config, encryption, security
>
> While the docs instruct users to explicitly set a value for 
> {{nifi.sensitive.props.key}} in *nifi.properties* to use when encrypting 
> sensitive component properties to persist in the *flow.xml.gz*, some users do 
> not. Historically, these instances use a default, hardcoded key generation 
> value. 
> During the deprecation of {{StringEncryptor.createEncryptor(NiFiProperties)}} 
> in NIFI-5376, the code which provided the default was missed in a specific 
> cluster scenario. 
> The default should be provided, and a warning should be printed to the app 
> log if the provided key value is empty, in both standalone and cluster modes. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to