I'm working on upgrading nifi 1.23.2 to nifi 2.3.0 I noticed an imcompability issue.
In nifi 1.23.2, You can put encrypted password in conf/login-identity-providers.xml e.g.
<provider>
<identifier>ldap-provider</identifier>
<class>.apache.nifi.ldap.LdapProvider</class>
<property name="Authentication Strategy">LDAPS</property>
<property name="Manager DN">MY_DN</property>
<property encryption="aes/gcm/256" name="Manager Password">MY_DN_PASSWORD_HASHED</property>
<property name="TLS - Truststore">/opt/nifi/nifi-current/cert/truststore.jks</property>
<property encryption="aes/gcm/256" name="TLS - Truststore Password">MY_TRUSTSTORE_PASSWORD_HASHED</property>
However in nifi 2.3.0 it's not allowed and the encrytion is also removed from nifi-tool-kit.
[nifi@nifi-current-test-0 nifi-current]$ cat conf/login-identity-providers.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<loginIdentityProviders>
<provider>
<identifier>ldap-provider</identifier>
<class>.apache.nifi.ldap.LdapProvider</class>
<property name="Authentication Strategy">LDAPS</property>
<property name="Manager DN">MY_DN</property>
<property name="Manager Password">!!MY_PLAINTEXT_PASSWORD</property>
<property name="TLS - Truststore">/opt/nifi/nifi-current/cert/truststore.jks</property>
<property name="TLS - Truststore Password">!!TRUSTSTORE_PASSWORD_PLAINTEXT</property>
<property name="TLS - Truststore Type">jks</property>
<property name="TLS - Client Auth">NONE</property>
It's not safe to keep plaintext password in configuration files. Is there a way to configure encrypted password? THe same question applies to other configuration files, e.g. authorizers.xml.
I understand in nifi.properties, you can put =encrypted:. What is the equivalent solution for all the xml configurations of nifi?
I'm working on upgrading nifi 1.23.2 to nifi 2.3.0 I noticed an imcompability issue.
In nifi 1.23.2, You can put encrypted password in conf/login-identity-providers.xml e.g.
<provider>
<identifier>ldap-provider</identifier>
<class>.apache.nifi.ldap.LdapProvider</class>
<property name="Authentication Strategy">LDAPS</property>
<property name="Manager DN">MY_DN</property>
<property encryption="aes/gcm/256" name="Manager Password">MY_DN_PASSWORD_HASHED</property>
<property name="TLS - Truststore">/opt/nifi/nifi-current/cert/truststore.jks</property>
<property encryption="aes/gcm/256" name="TLS - Truststore Password">MY_TRUSTSTORE_PASSWORD_HASHED</property>
However in nifi 2.3.0 it's not allowed and the encrytion is also removed from nifi-tool-kit.
[nifi@nifi-current-test-0 nifi-current]$ cat conf/login-identity-providers.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<loginIdentityProviders>
<provider>
<identifier>ldap-provider</identifier>
<class>.apache.nifi.ldap.LdapProvider</class>
<property name="Authentication Strategy">LDAPS</property>
<property name="Manager DN">MY_DN</property>
<property name="Manager Password">!!MY_PLAINTEXT_PASSWORD</property>
<property name="TLS - Truststore">/opt/nifi/nifi-current/cert/truststore.jks</property>
<property name="TLS - Truststore Password">!!TRUSTSTORE_PASSWORD_PLAINTEXT</property>
<property name="TLS - Truststore Type">jks</property>
<property name="TLS - Client Auth">NONE</property>
It's not safe to keep plaintext password in configuration files. Is there a way to configure encrypted password? THe same question applies to other configuration files, e.g. authorizers.xml.
I understand in nifi.properties, you can put =encrypted:. What is the equivalent solution for all the xml configurations of nifi?
Share Improve this question asked Mar 26 at 19:43 Jin MaJin Ma 2431 gold badge5 silver badges16 bronze badges1 Answer
Reset to default 0Are you running your nifi on kubernetes or on the instances?
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1744129068a4559745.html
评论列表(0条)