You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/12/07 18:25:00 UTC

[jira] [Commented] (NIFIREG-61) Add support for encrypted properties in configuration files

    [ https://issues.apache.org/jira/browse/NIFIREG-61?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16282265#comment-16282265 ] 

ASF GitHub Bot commented on NIFIREG-61:
---------------------------------------

GitHub user kevdoran opened a pull request:

    https://github.com/apache/nifi-registry/pull/51

    NIFIREG-61 Add support for encrypted config files

    Allows sensitive property values to be encrypted in the following configuration files: 
    
    - nifi-registry.properties
    - identity-providers.xml
    - authorizers.xml 
    
    A decryption key can be configured in bootstrap.conf that allows decrypting protected properties at runtime.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/kevdoran/nifi-registry NIFIREG-61

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/nifi-registry/pull/51.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #51
    
----
commit 8c0cd912c19889e32f8962d20c450c109a8901f1
Author: Kevin Doran <kd...@gmail.com>
Date:   2017-12-05T19:44:24Z

    NIFIREG-61 Add support for encrypted config files
    
    Allows sensitive property values to be encrypted in the following
    configuration files:
    
    - nifi-registry.properties
    - identity-providers.xml
    - authorizers.xml
    
    A decryption key can be configured in bootstrap.conf that allows
    decrypting protected properties at runtime.

----


> Add support for encrypted properties in configuration files
> -----------------------------------------------------------
>
>                 Key: NIFIREG-61
>                 URL: https://issues.apache.org/jira/browse/NIFIREG-61
>             Project: NiFi Registry
>          Issue Type: New Feature
>            Reporter: Kevin Doran
>            Assignee: Kevin Doran
>
> The NiFi Registry server is configured by files on disk, e.g., nifi-registry.properties, bootstrap.conf, and XML files for loading extensions. Sometimes these files contain properties with sensitive values, such as credentials.
> We want to be able to support encrypting property values in NiFi Registry configuration files on disk that get decrypted in memory at runtime. As an initial step, the decryption key will be specified in the bootstrap.conf file. In the future, it might be input to the bootstrap processes via other means.
> For the design of this feature, the NiFi implementation of this capability should be used as a guide.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)