[
https://issues.apache.org/jira/browse/NIFIREG-61?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16282334#comment-16282334
]
ASF GitHub Bot commented on NIFIREG-61:
---------------------------------------
Github user alopresto commented on the issue:
https://github.com/apache/nifi-registry/pull/51
Discussed with @kevdoran. He is going to make a small change so the
`CryptoKeyHolder` doesn't maintain the master key value in memory for the
lifetime of the application, but rather makes available to each servlet context
the capability to retrieve the key from the `bootstrap.conf` file when
necessary. Over the lifetime of the application, this value should be needed at
most 3 times (NiFi Registry properties read, Identity provider read, and
Authorizer read).
He will also add some Javadoc and test cases.
> Add support for encrypted properties in configuration files
> -----------------------------------------------------------
>
> Key: NIFIREG-61
> URL: https://issues.apache.org/jira/browse/NIFIREG-61
> Project: NiFi Registry
> Issue Type: New Feature
> Reporter: Kevin Doran
> Assignee: Kevin Doran
>
> The NiFi Registry server is configured by files on disk, e.g.,
> nifi-registry.properties, bootstrap.conf, and XML files for loading
> extensions. Sometimes these files contain properties with sensitive values,
> such as credentials.
> We want to be able to support encrypting property values in NiFi Registry
> configuration files on disk that get decrypted in memory at runtime. As an
> initial step, the decryption key will be specified in the bootstrap.conf
> file. In the future, it might be input to the bootstrap processes via other
> means.
> For the design of this feature, the NiFi implementation of this capability
> should be used as a guide.
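The on-demand key retrieval discussed in the comment above can be sketched as follows. This is an added example, not code from the pull request or from NiFi Registry: the class `OnDemandBootstrapKey`, its `withKey` method, the property name `nifi.registry.bootstrap.sensitive.key` and the sample key value are assumptions made for illustration.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.function.Function;

/** Hypothetical key source: it stores only the path to bootstrap.conf, never the key. */
public final class OnDemandBootstrapKey {
    // Assumed property name; the page does not state it.
    static final String KEY_PROPERTY = "nifi.registry.bootstrap.sensitive.key";
    private final Path bootstrapConf;

    public OnDemandBootstrapKey(Path bootstrapConf) {
        this.bootstrapConf = bootstrapConf;
    }

    /** Re-reads the key, passes it to the consumer, then zeroes the char[] copy. */
    public <T> T withKey(Function<char[], T> consumer) throws IOException {
        char[] key = readKey();
        try {
            return consumer.apply(key);
        } finally {
            Arrays.fill(key, '\0');
        }
    }

    // The String returned by readLine() cannot be wiped; it is left to the garbage collector.
    private char[] readKey() throws IOException {
        try (BufferedReader in = Files.newBufferedReader(bootstrapConf, StandardCharsets.UTF_8)) {
            for (String line = in.readLine(); line != null; line = in.readLine()) {
                int eq = line.indexOf('=');
                if (eq > 0 && !line.trim().startsWith("#")
                        && line.substring(0, eq).trim().equals(KEY_PROPERTY)) {
                    return line.substring(eq + 1).trim().toCharArray();
                }
            }
        }
        throw new IllegalStateException(KEY_PROPERTY + " not set in " + bootstrapConf);
    }
    public static void main(String[] args) throws IOException {
        Path conf = Files.createTempFile("bootstrap", ".conf");
        String sample = "# constructed sample file\n" + KEY_PROPERTY + "=0123456789ABCDEF0123456789ABCDEF\n";
        Files.write(conf, sample.getBytes(StandardCharsets.UTF_8));
        int hexChars = new OnDemandBootstrapKey(conf).withKey(key -> key.length);
        System.out.println("consumer saw a key of " + hexChars + " hex characters");
        Files.delete(conf);
    }
}
```

A consumer passed to `withKey` must finish with the key before returning, because the array is zeroed as soon as the call completes.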