Github user alopresto commented on the issue:
https://github.com/apache/nifi-registry/pull/51
Discussed with @kevdoran . He is going to make a small change so the
`CryptoKeyHolder` doesn't maintain the master key value in memory for the
lifetime of the application, but rather makes available to each servlet context
the capability to retrieve the key from the `bootstrap.conf` file when
necessary. Over the lifetime of the application, this value should be needed at
most 3 times (NiFi Registry properties read, Identity provider read, and
Authorizer read).
He will also add some Javadoc and test cases.
---
