Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/06/25 03:08:00 UTC

[jira] [Commented] (NIFI-8447) Add HashiCorp Vault encryption as an option in the Encrypt Tool

    [ https://issues.apache.org/jira/browse/NIFI-8447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17369207#comment-17369207 ] 

ASF subversion and git services commented on NIFI-8447:
-------------------------------------------------------

Commit 726082ffa6c9f4b350fd6026152c50dc5bae2151 in nifi's branch refs/heads/main from Joe Gresock
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=726082f ]

NIFI-8447 Added HashiCorp Vault Transit Sensitive Properties Provider

- Added default bootstrap-hashicorp-vault.conf
- Updated Toolkit Guide documentation with HashiCorp Vault properties

This closes #5154

Signed-off-by: David Handermann <ex...@apache.org>


> Add HashiCorp Vault encryption as an option in the Encrypt Tool
> ---------------------------------------------------------------
>
>                 Key: NIFI-8447
>                 URL: https://issues.apache.org/jira/browse/NIFI-8447
>             Project: Apache NiFi
>          Issue Type: Sub-task
>            Reporter: Joseph Gresock
>            Priority: Minor
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> Add support for a HASHICORP_VAULT_TRANSIT PropertyProtectionScheme in the Encrypt Config Tool that can be configured with a Secrets Engine path and the relevant bootstrap.conf properties.  This path will be used in the identifier key: "hashicorp/vault/transit/[path]"
> The bootstrap.conf provided in the command line must be configured with the following relevant properties in order for the encryption to work:
> {code}
> # HashiCorp Vault Sensitive Property Providers
> nifi.bootstrap.protection.hashicorp.vault.conf=./conf/bootstrap-hashicorp-vault.conf
> {code}
> The contents of bootstrap-hashicorp-vault.conf should be:
> {code}
> # HashiCorp Vault Sensitive Property Providers (not enabled if the following two properties are not set)
> vault.uri=
> # Must point to a properties file with authentication properties as seen in
> # Spring Vault: https://docs.spring.io/spring-vault/docs/2.3.x/reference/html/#vault.core.environment-vault-configuration
> vault.authPropertiesFilename=
> # HashiCorp Vault Secrets Engine configuration
> # If set, enables the 'hashicorp/vault/transit/{path}' protection scheme.  Valid characters are alphanumeric, dash, and underscore.
> vault.transit.path=
> # Optional HashiCorp Vault configuration
> vault.connection.timeout=5 secs
> vault.read.timeout=15 secs
> vault.ssl.enabledCipherSuites=
> vault.ssl.enabledProtocols=
> vault.ssl.key-store=
> vault.ssl.key-store-type=
> vault.ssl.key-store-password=
> vault.ssl.trust-store=
> vault.ssl.trust-store-type=
> vault.ssl.trust-store-password=
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
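
The constraints stated in the issue description above (the provider is not enabled unless `vault.uri` and `vault.authPropertiesFilename` are both set, `vault.transit.path` accepts only alphanumerics, dash and underscore, and the scheme identifier is `hashicorp/vault/transit/[path]`) can be linted before running the Encrypt Config Tool. This Python sketch is an added example, not code from the NiFi project; the function names, the sample hostname and file path, and the https check are assumptions introduced here.

```python
import re

# Constructed sample; the hostname and file path are placeholders, not values from the issue.
SAMPLE_CONF = """\
# HashiCorp Vault Sensitive Property Providers
vault.uri=http://vault.example.internal:8200
vault.authPropertiesFilename=./conf/vault-auth.properties
vault.transit.path=nifi/transit
vault.connection.timeout=5 secs
"""

TRANSIT_PATH_RE = re.compile(r"[A-Za-z0-9_-]+")  # alphanumeric, dash, underscore


def parse_properties(text):
    """Parse plain key=value lines, skipping blanks and '#' comments (simplified)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def check_vault_conf(text):
    """Return (scheme identifier or None, list of findings) for a conf file's text."""
    props = parse_properties(text)
    findings = []
    missing = [k for k in ("vault.uri", "vault.authPropertiesFilename") if not props.get(k)]
    if missing:
        findings.append("provider not enabled, unset: " + ", ".join(missing))
    # Added hardening check (assumption, not stated in the issue): expect TLS to Vault.
    uri = props.get("vault.uri", "")
    if uri and not uri.lower().startswith("https://"):
        findings.append("vault.uri is not https")
    path = props.get("vault.transit.path", "")
    scheme = None
    if not path:
        findings.append("vault.transit.path unset, transit scheme disabled")
    elif not TRANSIT_PATH_RE.fullmatch(path):
        findings.append("vault.transit.path has invalid characters: " + repr(path))
    elif not missing:
        scheme = "hashicorp/vault/transit/" + path
    return scheme, findings


if __name__ == "__main__":
    print(check_vault_conf(SAMPLE_CONF))
```

The constructed sample trips two findings: the plain-http URI and the slash in the transit path.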