You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Joseph Gresock (Jira)" <ji...@apache.org> on 2021/06/02 11:56:00 UTC
[jira] [Updated] (NIFI-8447) Add Vault encryption as an option in
the Encrypt Tool
[ https://issues.apache.org/jira/browse/NIFI-8447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joseph Gresock updated NIFI-8447:
---------------------------------
Description:
Using the StandardVaultCommunicationService, add options to the Encrypt Tool in nifi-toolkit for the following:
# Select encryption method (aes/gcm vs. vault)
# Select vault configuration (recommended as a vault-configuration.properties file, since there are so many configuration properties). Vault configuration properties include:
{code}
nifi.sensitive.props.hashicorp.vault.uri=
nifi.sensitive.props.hashicorp.vault.transit.key=
nifi.sensitive.props.hashicorp.vault.auth.properties.file=
# Optional TLS options if addr is https
nifi.security.keystore=
nifi.security.keystoreType=
nifi.security.keystorPasswd=
nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
{code}
Selecting vault encryption method should set the encryption value in XML files or the *.protected property in properties files to "vault/[transitKey]"
A transitKey represents a distinct Vault configuration of encryption settings.
Additionally, the corresponding nifi.sensitive.props.hashicorp.vault.* properties should be configured in the resulting nifi.properties file so that the NiFi instance can use the same Vault configuration.
was:
Using the StandardVaultCommunicationService, add options to the Encrypt Tool in nifi-toolkit for the following:
# Select encryption method (aes/gcm vs. vault)
# Select vault configuration (recommended as a vault-configuration.properties file, since there are so many configuration properties). Vault configuration properties include:
{code}
nifi.sensitive.props.vault.uri=
nifi.sensitive.props.vault.transit.key=
nifi.sensitive.props.vault.auth.properties.file=
# Optional TLS options if addr is https
nifi.security.keystore=
nifi.security.keystoreType=
nifi.security.keystorPasswd=
nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
{code}
Selecting vault encryption method should set the encryption value in XML files or the *.protected property in properties files to "vault/[transitKey]"
A transitKey represents a distinct Vault configuration of encryption settings.
Additionally, the corresponding nifi.sensitive.props.vault.* properties should be configured in the resulting nifi.properties file so that the NiFi instance can use the same Vault configuration.
> Add Vault encryption as an option in the Encrypt Tool
> -----------------------------------------------------
>
> Key: NIFI-8447
> URL: https://issues.apache.org/jira/browse/NIFI-8447
> Project: Apache NiFi
> Issue Type: Sub-task
> Reporter: Joseph Gresock
> Priority: Minor
>
> Using the StandardVaultCommunicationService, add options to the Encrypt Tool in nifi-toolkit for the following:
> # Select encryption method (aes/gcm vs. vault)
> # Select vault configuration (recommended as a vault-configuration.properties file, since there are so many configuration properties). Vault configuration properties include:
> {code}
> nifi.sensitive.props.hashicorp.vault.uri=
> nifi.sensitive.props.hashicorp.vault.transit.key=
> nifi.sensitive.props.hashicorp.vault.auth.properties.file=
> # Optional TLS options if addr is https
> nifi.security.keystore=
> nifi.security.keystoreType=
> nifi.security.keystorPasswd=
> nifi.security.keyPasswd=
> nifi.security.truststore=
> nifi.security.truststoreType=
> nifi.security.truststorePasswd=
> {code}
> Selecting vault encryption method should set the encryption value in XML files or the *.protected property in properties files to "vault/[transitKey]"
> A transitKey represents a distinct Vault configuration of encryption settings.
> Additionally, the corresponding nifi.sensitive.props.hashicorp.vault.* properties should be configured in the resulting nifi.properties file so that the NiFi instance can use the same Vault configuration.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)