You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2020/03/26 22:10:37 UTC
[GitHub] [nifi] thenatog commented on issue #4164: NIFI-5481 - Add new
providers of protected sensitive configuration values
thenatog commented on issue #4164: NIFI-5481 - Add new providers of protected sensitive configuration values
URL: https://github.com/apache/nifi/pull/4164#issuecomment-604713583
This PR refactors the Sensitive Property Providers that are used to encrypt the NiFi configuration files as the first step towards adding other KMS providers in future. The future additions can be external Key Management Service (KMS) providers such as cloud services like GCP KMS, Azure Key Vault, AWS KMS, Hashicorp Vault etc by implementing the SensitivePropertyProvider interface. This will allow NiFi to retrieve and use keys from these providers to encrypt/decrypt sensitive properties (passwords) in the nifi.properties, loginIdentityProviders, authorizers files. At the moment, this PR continues to use the original (historical default) AES SPP as the default provider, and also allows for a local keystore file provider with the KeyStoreWrappedSensitivePropertyProvider.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services