You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@nifi.apache.org by Pat White <pa...@verizonmedia.com> on 2020/02/11 20:23:17 UTC

Can jetty reload keystore credentials dynamically?

Hi Folks,

Can Nifi's jetty automatically detect and reload its keystore when the
keystore is changed, such as during credentials update or rotation?

Thank you
patw

Re: Can jetty reload keystore credentials dynamically?

Posted by Pat White <pa...@verizonmedia.com>.

Sounds good, filed NIFI-7134
<https://issues.apache.org/jira/browse/NIFI-7134> and linked to NIFI-5458,
thanks much for the help Andy.

patw

On Tue, Feb 11, 2020 at 3:02 PM Andy LoPresto <al...@apache.org> wrote:

> This is available in Jetty versions 9.3+ [1], but in NiFi this is not
> currently supported. I have filed a number of enhancement Jiras [2] to
> improve the TLS handling throughout the application, and now that encrypted
> repositories are available, hope to address some of these in the near
> future. Please file a Jira for this specifically and include it in the
> linked epic.
>
> [1] https://github.com/eclipse/jetty.project/issues/918
> [2] https://issues.apache.org/jira/browse/NIFI-5458
>
> Andy LoPresto
> alopresto@apache.org
> *alopresto.apache@gmail.com <al...@gmail.com>*
> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69
>
> On Feb 11, 2020, at 12:23 PM, Pat White <pa...@verizonmedia.com> wrote:
>
> Hi Folks,
>
> Can Nifi's jetty automatically detect and reload its keystore when the
> keystore is changed, such as during credentials update or rotation?
>
> Thank you
> patw
>
>
>

Re: Can jetty reload keystore credentials dynamically?

Posted by Andy LoPresto <al...@apache.org>.

This is available in Jetty versions 9.3+ [1], but in NiFi this is not currently supported. I have filed a number of enhancement Jiras [2] to improve the TLS handling throughout the application, and now that encrypted repositories are available, hope to address some of these in the near future. Please file a Jira for this specifically and include it in the linked epic. 

[1] https://github.com/eclipse/jetty.project/issues/918 <https://github.com/eclipse/jetty.project/issues/918>
[2] https://issues.apache.org/jira/browse/NIFI-5458 <https://issues.apache.org/jira/browse/NIFI-5458>

Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Feb 11, 2020, at 12:23 PM, Pat White <pa...@verizonmedia.com> wrote:
> 
> Hi Folks,
> 
> Can Nifi's jetty automatically detect and reload its keystore when the keystore is changed, such as during credentials update or rotation?
> 
> Thank you
> patw