You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Joseph Gresock (Jira)" <ji...@apache.org> on 2021/06/02 11:56:00 UTC

[jira] [Updated] (NIFI-8447) Add Vault encryption as an option in the Encrypt Tool

     [ https://issues.apache.org/jira/browse/NIFI-8447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joseph Gresock updated NIFI-8447:
---------------------------------
    Description: 
Using the StandardVaultCommunicationService, add options to the Encrypt Tool in nifi-toolkit for the following:
 # Select encryption method (aes/gcm vs. vault)
 # Select vault configuration (recommended as a vault-configuration.properties file, since there are so many configuration properties).  Vault configuration properties include: 

{code}
nifi.sensitive.props.hashicorp.vault.uri=
nifi.sensitive.props.hashicorp.vault.transit.key=
nifi.sensitive.props.hashicorp.vault.auth.properties.file=

# Optional TLS options if addr is https
nifi.security.keystore=
nifi.security.keystoreType=
nifi.security.keystorPasswd=
nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
{code}

Selecting vault encryption method should set the encryption value in XML files or the *.protected property in properties files to "vault/[transitKey]"

A transitKey represents a distinct Vault configuration of encryption settings.

Additionally, the corresponding nifi.sensitive.props.hashicorp.vault.* properties should be configured in the resulting nifi.properties file so that the NiFi instance can use the same Vault configuration.

  was:
Using the StandardVaultCommunicationService, add options to the Encrypt Tool in nifi-toolkit for the following:
 # Select encryption method (aes/gcm vs. vault)
 # Select vault configuration (recommended as a vault-configuration.properties file, since there are so many configuration properties).  Vault configuration properties include: 

{code}
nifi.sensitive.props.vault.uri=
nifi.sensitive.props.vault.transit.key=
nifi.sensitive.props.vault.auth.properties.file=

# Optional TLS options if addr is https
nifi.security.keystore=
nifi.security.keystoreType=
nifi.security.keystorPasswd=
nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
{code}

Selecting vault encryption method should set the encryption value in XML files or the *.protected property in properties files to "vault/[transitKey]"

A transitKey represents a distinct Vault configuration of encryption settings.

Additionally, the corresponding nifi.sensitive.props.vault.* properties should be configured in the resulting nifi.properties file so that the NiFi instance can use the same Vault configuration.


> Add Vault encryption as an option in the Encrypt Tool
> -----------------------------------------------------
>
>                 Key: NIFI-8447
>                 URL: https://issues.apache.org/jira/browse/NIFI-8447
>             Project: Apache NiFi
>          Issue Type: Sub-task
>            Reporter: Joseph Gresock
>            Priority: Minor
>
> Using the StandardVaultCommunicationService, add options to the Encrypt Tool in nifi-toolkit for the following:
>  # Select encryption method (aes/gcm vs. vault)
>  # Select vault configuration (recommended as a vault-configuration.properties file, since there are so many configuration properties).  Vault configuration properties include: 
> {code}
> nifi.sensitive.props.hashicorp.vault.uri=
> nifi.sensitive.props.hashicorp.vault.transit.key=
> nifi.sensitive.props.hashicorp.vault.auth.properties.file=
> # Optional TLS options if addr is https
> nifi.security.keystore=
> nifi.security.keystoreType=
> nifi.security.keystorPasswd=
> nifi.security.keyPasswd=
> nifi.security.truststore=
> nifi.security.truststoreType=
> nifi.security.truststorePasswd=
> {code}
> Selecting vault encryption method should set the encryption value in XML files or the *.protected property in properties files to "vault/[transitKey]"
> A transitKey represents a distinct Vault configuration of encryption settings.
> Additionally, the corresponding nifi.sensitive.props.hashicorp.vault.* properties should be configured in the resulting nifi.properties file so that the NiFi instance can use the same Vault configuration.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)