You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@nifi.apache.org by l vic <lv...@gmail.com> on 2019/03/21 19:17:16 UTC
sensitive variable values ?
Is there a mechanism in Nifi to use sensitive variable values? For example:
would it be possible to store/set password value
in StandardRestrictedSSLContextService without exposing it? I am looking
for the way to set password in StandardRestrictedSSLContextService from the
automated deployment script....
Thank you,
-V
Re: sensitive variable values ?
Posted by Andy LoPresto <al...@gmail.com>.
I have done some proposals for sensitive variables storage in the variable registry, but haven’t been able to focus on it yet due to other priorities. You can see some light example mock-up, workflow, and bullet points towards the end of this presentation [1].
If you just want to write a secret into the flow.xml.gz during the automated deployment process, I have written a sample Ruby script that performs this task [2]. You can use this as an example if you need to implement this in a different language.
[1] https://github.com/alopresto/slides/blob/master/australia_2018/future_of_data_melbourne.pdf
[2] http://apache-nifi-developer-list.39713.n7.nabble.com/Re-Passwords-in-EncryptContent-tp12900.html
Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69
> On Mar 21, 2019, at 20:28, Joe Witt <jo...@gmail.com> wrote:
>
> Hello
>
> The variables of a pg are not, at this time, for sensitive values. You can set the sens values programatically to ensure they are never shown.
>
> We will likely add support for secrets (ie sensitive variables) but eta there depends on progress in the community.
>
> thanks
>
>> On Thu, Mar 21, 2019, 3:17 PM l vic <lv...@gmail.com> wrote:
>> Is there a mechanism in Nifi to use sensitive variable values? For example: would it be possible to store/set password value in StandardRestrictedSSLContextService without exposing it? I am looking for the way to set password in StandardRestrictedSSLContextService from the automated deployment script....
>> Thank you,
>> -V
Re: sensitive variable values ?
Posted by Joe Witt <jo...@gmail.com>.
Hello
The variables of a pg are not, at this time, for sensitive values. You can
set the sens values programatically to ensure they are never shown.
We will likely add support for secrets (ie sensitive variables) but eta
there depends on progress in the community.
thanks
On Thu, Mar 21, 2019, 3:17 PM l vic <lv...@gmail.com> wrote:
> Is there a mechanism in Nifi to use sensitive variable values? For
> example: would it be possible to store/set password value
> in StandardRestrictedSSLContextService without exposing it? I am looking
> for the way to set password in StandardRestrictedSSLContextService from the
> automated deployment script....
> Thank you,
> -V
>
Re: sensitive variable values ?
Posted by Shawn Weeks <sw...@weeksconsulting.us>.
Are you not able to update the properties for the controller service. It looks like you use something like PUT /controller-services/{id} with some json kinda like this.
{ "revision": {…}, "id": "value", "uri": "value", "position": {…}, "permissions": {…}, "bulletins": [{…}], "disconnectedNodeAcknowledged": true, "parentGroupId": "value", "component": {…}, "operatePermissions": {…}, "status": {…} }
Filling in component with something like this and trying to set the properties.
{ "id": "value", "versionedComponentId": "value", "parentGroupId": "value", "position": {…}, "name": "value", "type": "value", "bundle": {…}, "controllerServiceApis": [{…}], "comments": "value", "state": "value", "persistsState": true, "restricted": true, "deprecated": true, "multipleVersionsAvailable": true, "properties": { "name": "value" }, "descriptors": { "name": {…} }, "customUiUrl": "value", "annotationData": "value", "referencingComponents": [{…}], "validationErrors": ["value"], "validationStatus": "value", "extensionMissing": true }
Check https://nifi.apache.org/docs/nifi-docs/rest-api/index.html
What JSON have you tried so far?
Thanks
Shawn
From: l vic <lv...@gmail.com>
Reply-To: "users@nifi.apache.org" <us...@nifi.apache.org>
Date: Thursday, March 21, 2019 at 3:38 PM
To: "users@nifi.apache.org" <us...@nifi.apache.org>
Subject: Re: sensitive variable values ?
I don't see how to do it for service from NiFi REST api... Any suggestions?
Thank you
Re: sensitive variable values ?
Posted by l vic <lv...@gmail.com>.
I don't see how to do it for service from NiFi REST api... Any suggestions?
Thank you
>
>
Re: sensitive variable values ?
Posted by Bryan Bende <bb...@gmail.com>.
Sensitive variables is something we'd like to support, but we
currently don't have that capability yet.
If you are using a script to create components, or to instantiate
templates, you should be able to set the property values of those
components using the REST API.
You would be making the same REST call that is made if you were in the
UI and were on the config window, entered the password, and hit the
Apply button.
On Thu, Mar 21, 2019 at 3:17 PM l vic <lv...@gmail.com> wrote:
>
> Is there a mechanism in Nifi to use sensitive variable values? For example: would it be possible to store/set password value in StandardRestrictedSSLContextService without exposing it? I am looking for the way to set password in StandardRestrictedSSLContextService from the automated deployment script....
> Thank you,
> -V