You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Marton Szasz (Jira)" <ji...@apache.org> on 2023/12/11 15:40:00 UTC

[jira] [Comment Edited] (NIFI-12501) [MiNiFi] Encrypt MiNiFi bootstrap.conf properties

    [ https://issues.apache.org/jira/browse/NIFI-12501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17795414#comment-17795414 ] 

Marton Szasz edited comment on NIFI-12501 at 12/11/23 3:39 PM:
---------------------------------------------------------------

In MiNiFi C\+\+, the approach will be to encrypt unencrypted sensitive properties in the flow definition on startup, but also provide a tool (encrypt-config option) to change them without ever writing the unencrypted value to disk. [~fgerlits] is working on the minifi c\+\+ effort.


was (Author: szaszm):
In MiNiFi C++, the approach will be to encrypt unencrypted sensitive properties in the flow definition on startup, but also provide a tool (encrypt-config option) to change them without ever writing the unencrypted value to disk. [~fgerlits] is working on the minifi c++ effort.

> [MiNiFi] Encrypt MiNiFi bootstrap.conf properties
> -------------------------------------------------
>
>                 Key: NIFI-12501
>                 URL: https://issues.apache.org/jira/browse/NIFI-12501
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: MiNiFi
>            Reporter: Ferenc Erdei
>            Assignee: Ferenc Erdei
>            Priority: Major
>              Labels: minifi-java
>
> Currently, there is no way to encrypt sensitive properties in bootstrap.conf and in the generated minifi.properties file.
> The goal of this story is to make it possible to encrypt sensitive property values in the bootstrap configuration file, and the generated minifi.properties file also should contain only encrypted values.
>  * The supported encryption provider should be AES/GCM.
>  * The encryption key can be defined in the minifi.bootstrap.sensitive.key property
>  * We should provide a tool(minifi-toolkit-encrypt-config) to encrypt the bootstrap.conf properties, we can use the nifi-toolkit-encrypt-config as an inspiration
> Make sure that the solution works with change ingestors and c2 protocol as well



--
This message was sent by Atlassian Jira
(v8.20.10#820010)