You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@nifi.apache.org by Daniel Guymon <vt...@gmail.com> on 2021/04/11 20:02:10 UTC

Questions re: nifi-toolkit encrypt-config

Hello,

Spent a bit of time trying to use nifi-toolkit's encrypt-config to encrypt
my keystore and key passwords for Nifi Registry, but can't seem to get
nifi-registry.properties to update with the encrypted values (both raw key
and password options)

Here's what I'm currently doing:

/opt/nifi-toolkit/nifi-toolkit-1.13.2/bin/encrypt-config.sh --nifiRegistry \
      -b /opt/nifi-registry/nifi-registry-0.8.0/conf/bootstrap.conf \
      -h <raw_hex> \
      -n
/opt/nifi-registry/nifi-registry-0.8.0/conf/nifi-registry.properties

The above command populates bootstrap.conf setting
nifi.registry.bootstrap.sensitive.key

But it does not encrypt any sensitive parameters in
nifi-registry.properties, even if they are explicitly set in
nifi-registry.properties:

nifi.registry.sensitive.props.additional.keys=nifi.registry.security.keystorePasswd,nifi.registry.security.keyPasswd

Appreciate any guidance as I haven't been able to gain any
additional insights from the documentation.

Thanks,

Danny Guymon
Peraton
Engineering Lead | Principal Manager, Cyber Software Engineering