At this point there is support for sensitive component properties which mean no matter what the value is (whether it is an actual value or a string referencing a variable key) we will ensure it is always encrypted in config files and never returned to any client even in encrypted form unless there is some clear need based on the API call.
There is no support at this point for sensitive variables meaning we dont presently encrypt variable values. With the flow registry work that is going on now in the first instance of pulling in an version of a registered flow you can set the value for sensitive properties and they'd be honored/kept across new versions so the mechanism should work quite well for version managed flows even with things like passwords. That might help you. Thanks On Wed, Nov 15, 2017 at 11:04 AM, Mike Thomsen <[email protected]> wrote: > Based on this, https://issues.apache.org/jira/browse/NIFI-2653, it looks > like I cannot encrypt the property that holds the MongoDB password if it is > in the variable registry file. Is that correct? > > Thanks, > > Mike > > On Wed, Nov 15, 2017 at 9:25 AM, Mike Thomsen <[email protected]> > wrote: >> >> The encrypt-config tool can encrypt sensitive properties in >> nifi.properties, but can it be set up to also go into the files specified >> with the registry property as additional sources of properties? >> >> >> Thanks, >> >> Mike > >
