Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2021/06/03 02:32:08 UTC

[GitHub] [nifi] exceptionfactory commented on a change in pull request #5110: NIFI-8511 Added KeyStore implementation of KeyProvider

exceptionfactory commented on a change in pull request #5110:
URL: https://github.com/apache/nifi/pull/5110#discussion_r644440450



##########
File path: nifi-docs/src/main/asciidoc/user-guide.adoc
##########
@@ -2922,6 +2922,34 @@ key5=c6FzfnKm7UR7xqI2NFpZ+fEKBfSU7+1NvRw+XWQ9U39MONWqk5gvoyOCdFR1kUgeg46jrN5dGXk
 
 Each line defines a key ID and then the Base64-encoded cipher text of a 16 byte IV and wrapped AES-128, AES-192, or AES-256 key depending on the JCE policies available. The individual keys are wrapped by AES/GCM encryption using the **root key** defined by `nifi.bootstrap.sensitive.key` in _conf/bootstrap.conf_.
 
+===== KeyStoreKeyProvider
+The `KeyStoreKeyProvider` implementation reads from an encrypted keystore using the configured password to load AES Secret Key entries.
+
+The provider supports the following Keystore Types:
+
+* BCFKS
+* PKCS12
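
Review bot: the supported-types list under `KeyStoreKeyProvider` names BCFKS and PKCS12 without saying why JKS is absent, and the lines shown here do not explain it. A short sentence after the list stating that JKS cannot store Secret Key entries would spare readers a failed `keytool -genseckey` attempt against a JKS file. The same section also mixes "encrypted keystore" and "Keystore Types"; use one casing throughout the added text.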

Review comment:
       JKS does not support storage of Secret Key entries, so attempting to run `keytool -genseckey -storetype JKS` throws a KeyStoreException.  PKCS12 is also the default KeyStore Type starting in Java 9.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org