Working and awesome, as usual with NiFi! Thanks! -----Original Message----- From: Kevin Doran <[email protected]> Sent: Thursday, March 28, 2019 4:00 PM To: [email protected] Subject: Re: NiFi registry - encrypt providers.xml?
Yeah sorry, I should have specified that your ssh key needs to be password-less for this to work (your suspicion was correct!). So we recommend doing that and securing the key using OS filesystem permissions (ie, only the run as user should have read access to that ssk key file) On Thu, Mar 28, 2019 at 3:54 PM David Gallagher <[email protected]> wrote: > > Thanks for the reply! I've set up ssh access to the repository, and > I've confirmed that it works by pushing commits on the terminal. > However, nifi-registry isn't performing the push automatically; the > log file indicates > > 2019-03-28 15:48:19,029 ERROR [GitFlowMetaData Push thread] > o.a.n.r.p.flow.git.GitFlowMetaData Failed to push commits to origin > due to org.eclipse.jgit.api.errors.TransportException: > ssh://git@<myrepo>.git: USERAUTH fail > > As per the instructions, I created a file at ${USER_HOME}/.ssh/config with a > Host entry and pointer to the key file, where ${USER} is the user running the > nifi registry service. Is there some additional setting that I need to make > in providers.xml? One thing, there's a passphrase associated with my key, > could that be causing the issue? > > Thanks, > > Dave > > > > -----Original Message----- > From: Kevin Doran <[email protected]> > Sent: Thursday, March 28, 2019 12:20 PM > To: [email protected] > Subject: Re: NiFi registry - encrypt providers.xml? > > This is not possible at this time. We recommend configuring your git repo so > that the remote and push using ssh key pairs of the NiFi Registry run-as user > and protecting the private key on disk. in other words, if on the linux host > as the user that nifi registry runs as, you should be able to push using > ssh+git instead of username / password. then NiFi Registry will be able to do > the same. > > On Thu, Mar 28, 2019 at 12:09 PM David Gallagher > <[email protected]> wrote: > > > > Hi – does anyone know if it is possible to somehow encrypt the > > providers.xml file? I’m using the Git persistence provider and want to > > store the remote user and password there, but I don’t want to leave that > > value in there unencrypted if I don’t have to. I downloaded the > > nifi-toolkit, but I don’t see it as an option. > > > > > > > > Thanks, > > > > > > > > Dave
