You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Nathan Gough (Jira)" <ji...@apache.org> on 2022/04/22 19:17:00 UTC

[jira] [Created] (NIFI-9953) The config encryption tool is too complicated to use and can be simplified

Nathan Gough created NIFI-9953:
----------------------------------

             Summary: The config encryption tool is too complicated to use and can be simplified
                 Key: NIFI-9953
                 URL: https://issues.apache.org/jira/browse/NIFI-9953
             Project: Apache NiFi
          Issue Type: Epic
          Components: Tools and Build
    Affects Versions: 1.16.1
            Reporter: Nathan Gough
            Assignee: Nathan Gough


It may be worth creating a new Encrypt Config 2.0 tool rather than converting the existing module. This would allow us to eventually deprecate the 1.0 tool and not mandate us to maintain backwards compatibility in 2.0.

Goals:
 * Eliminate Groovy
 * Reduce complexity of code and complexity of usage
 * Logical separation of components/modularization

Key design concerns:
 # The tool should be implicit rather than explicit - too many parameter inputs has made 1.0 too complex and difficult to use (eg. having to specify every single input and output file etc)
 # Should work for current and future products (NiFi, NiFi Registry, MiNiFi etc)
 # Should be atomic/transactional (all files succeed or fail)
 # Should stream read/write the input and output files
 # Should use Java instead of Groovy
 # Should use PicoCLI as a full featured CLI library which allows subcommands (https://github.com/remkop/picocli)
 # Concise error and debug logging to allow users to rectify issues
 # Re-evaluate need for any extra modes (eg migrate, key input vs password input)

The command interface is expected to look something like this:
{quote}ngough$ ./encrypt-config-2.sh --help

usage: org.apache.nifi.toolkit.encryptconfig2.EncryptConfigMain [-h] [options]

This tool enables easy encryption and decryption of configuration files for NiFi and its sub-projects. Given a root NiFi directory, password and scheme it will protect all sensitive values within configuration files with the key/password. The tool can also decrypt the files given the correct password.

-h,--help           Show usage information (this message)
    --nifiRegistry   Specifies target NiFi Registry. When this flag is not included, NiFi is the target. *// Not sure if required*
-v,--verbose        Sets verbose mode (default false)

 

Command examples:

./encrypt-config-2.sh encrypt [root-nifi-dir | root-nifi-registry-dir | root-minifi-dir] password scheme [--flowXml]

./encrypt-config-2.sh decrypt root-nifi-dir password

./encrypt-config-2.sh migrate root-nifi-dir oldpassword newpassword [oldscheme newscheme]

./encrypt-config-2.sh translate-cli nifi.properties
{quote}



--
This message was sent by Atlassian Jira
(v8.20.7#820007)