You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2021/06/25 03:09:00 UTC

[jira] [Resolved] (NIFI-8447) Add HashiCorp Vault encryption as an option in the Encrypt Tool

     [ https://issues.apache.org/jira/browse/NIFI-8447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Handermann resolved NIFI-8447.
------------------------------------
    Fix Version/s: 1.14.0
         Assignee: Joseph Gresock
       Resolution: Fixed

> Add HashiCorp Vault encryption as an option in the Encrypt Tool
> ---------------------------------------------------------------
>
>                 Key: NIFI-8447
>                 URL: https://issues.apache.org/jira/browse/NIFI-8447
>             Project: Apache NiFi
>          Issue Type: Sub-task
>            Reporter: Joseph Gresock
>            Assignee: Joseph Gresock
>            Priority: Minor
>             Fix For: 1.14.0
>
>          Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> Add support for a HASHICORP_VAULT_TRANSIT PropertyProtectionScheme in the Encrypt Config Tool that can be configured with a Secrets Engine path and the relevant bootstrap.conf properties.  This path will be used in the identifier key: "hashicorp/vault/transit/[path]"
> The bootstrap.conf provided in the command line must be configured with the following relevant properties in order for the encryption to work:
> {code}
> # HashiCorp Vault Sensitive Property Providers
> nifi.bootstrap.protection.hashicorp.vault.conf=./conf/bootstrap-hashicorp-vault.conf
> {code}
> The contents of bootstrap-hashicorp-vault.conf should be:
> {code}
> # HashiCorp Vault Sensitive Property Providers (not enabled if the following two properties are not set)
> vault.uri=
> # Must point to a properties file with authentication properties as seen in
> # Spring Vault: https://docs.spring.io/spring-vault/docs/2.3.x/reference/html/#vault.core.environment-vault-configuration
> vault.authPropertiesFilename=
> # HashiCorp Vault Secrets Engine configuration
> # If set, enables the 'hashicorp/vault/transit/{path}' protection scheme.  Valid characters are alphanumeric, dash, and underscore.
> vault.transit.path=
> # Optional HashiCorp Vault configuration
> vault.connection.timeout=5 secs
> vault.read.timeout=15 secs
> vault.ssl.enabledCipherSuites=
> vault.ssl.enabledProtocols=
> vault.ssl.key-store=
> vault.ssl.key-store-type=
> vault.ssl.key-store-password=
> vault.ssl.trust-store=
> vault.ssl.trust-store-type=
> vault.ssl.trust-store-password=
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)