You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@nifi.apache.org by Daniel Guymon <vt...@gmail.com> on 2021/04/11 20:02:10 UTC
Questions re: nifi-toolkit encrypt-config
Hello,
Spent a bit of time trying to use nifi-toolkit's encrypt-config to encrypt
my keystore and key passwords for Nifi Registry, but can't seem to get
nifi-registry.properties to update with the encrypted values (both raw key
and password options)
Here's what I'm currently doing:
/opt/nifi-toolkit/nifi-toolkit-1.13.2/bin/encrypt-config.sh --nifiRegistry \
-b /opt/nifi-registry/nifi-registry-0.8.0/conf/bootstrap.conf \
-h <raw_hex> \
-n
/opt/nifi-registry/nifi-registry-0.8.0/conf/nifi-registry.properties
The above command populates bootstrap.conf setting
nifi.registry.bootstrap.sensitive.key
But it does not encrypt any sensitive parameters in
nifi-registry.properties, even if they are explicitly set in
nifi-registry.properties:
nifi.registry.sensitive.props.additional.keys=nifi.registry.security.keystorePasswd,nifi.registry.security.keyPasswd
Appreciate any guidance as I haven't been able to gain any
additional insights from the documentation.
Thanks,
Danny Guymon
Peraton
Engineering Lead | Principal Manager, Cyber Software Engineering