Ok, I think I get what you're saying. The problem I'm facing is that
GetMongo currently does not have a sensitive field definition for password,
so it looks like I have to specify a connection string like this:
mongodb://${mongo.user}:${mongo.password}@${mongo.ip}:${mongo.port}
So our ideal scenario is encrypted property for mongo.password, load that
on runtime and inject the clear text into the Mongo client API call so we
can make the authenticated connection. Seems that is the part that is not
supported right now.
Fortunately, the client is eager to try out X509 authentication with Mongo
which looks mature in the Mongo processors!
On Wed, Nov 15, 2017 at 11:25 AM, Joe Witt <[email protected]> wrote:
> At this point there is support for sensitive component properties
> which mean no matter what the value is (whether it is an actual value
> or a string referencing a variable key) we will ensure it is always
> encrypted in config files and never returned to any client even in
> encrypted form unless there is some clear need based on the API call.
>
> There is no support at this point for sensitive variables meaning we
> dont presently encrypt variable values.
>
> With the flow registry work that is going on now in the first instance
> of pulling in an version of a registered flow you can set the value
> for sensitive properties and they'd be honored/kept across new
> versions so the mechanism should work quite well for version managed
> flows even with things like passwords. That might help you.
>
> Thanks
>
>
>
> On Wed, Nov 15, 2017 at 11:04 AM, Mike Thomsen <[email protected]>
> wrote:
> > Based on this, https://issues.apache.org/jira/browse/NIFI-2653, it looks
> > like I cannot encrypt the property that holds the MongoDB password if it
> is
> > in the variable registry file. Is that correct?
> >
> > Thanks,
> >
> > Mike
> >
> > On Wed, Nov 15, 2017 at 9:25 AM, Mike Thomsen <[email protected]>
> > wrote:
> >>
> >> The encrypt-config tool can encrypt sensitive properties in
> >> nifi.properties, but can it be set up to also go into the files
> specified
> >> with the registry property as additional sources of properties?
> >>
> >>
> >> Thanks,
> >>
> >> Mike
> >
> >
>
