...

If you have a minifi.properties file in your MiNiFi configuration directory /var/tmp/minifi-home/conf containing the following sensitive properties:

...
nifi.security.client.pass.phrase=pass_phrase
...
nifi.rest.api.user.name=admin
nifi.rest.api.password=password123
...

you can run the encrypt-config tool like this:

$ ./bin/encrypt-config --minifi-home /var/tmp/minifi-home

Generating a new encryption key...
Wrote the new encryption key to /var/tmp/minifi-home/conf/bootstrap.conf
Encrypted property: nifi.security.client.pass.phrase
Encrypted property: nifi.rest.api.password
Encrypted 2 sensitive properties in /var/tmp/minifi-home/conf/minifi.properties

...

After running the tool, bootstrap.conf will look like this:

nifi.bootstrap.sensitive.key=77cd3f88ab997f7ae99b13c70877c5274c3b7b495f601f290042b14e7db4d542

and minifi.properties will look like this:

...
nifi.security.client.pass.phrase=STBmfU0uk5hgSYG5O3uJM3HeZjrYJz//||vE/V65QiMgSatzScaPYkraVrpWnBExVgVX/CwyXx
nifi.security.client.pass.phrase.protected=xsalsa20poly1305
...
nifi.rest.api.user.name=admin
nifi.rest.api.password=q8XNjJMoVABXz7sks5O6nhaTqqRay4gF||U3762djgMVguHI6GjRl+iCCDSkIdTFzKDCXi
nifi.rest.api.password.protected=xsalsa20poly1305
...

...

By default, encrypt-config encrypts a (short) list of default sensitive properties. If you want more properties to be encrypted, add a nifi.sensitive.props.additional.keys setting, containing a comma-separated list of additional sensitive properties, to your minifi.properties file like this:

...
nifi.sensitive.props.additional.keys=nifi.rest.api.user.name,controller.socket.host,controller.socket.port
...
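
A check that can be run after values have been edited by hand, as an added example (not part of the original page or of the MiNiFi project): it lists sensitive properties that are set but have no ".protected" marker, and flags a bootstrap.conf that is readable beyond its owner, since the key is stored there in the clear. The function names are hypothetical, the default list contains only the two properties the tool output above shows being encrypted (an assumption; the tool's own list may be longer), and the sample values are constructed.

```bash
#!/usr/bin/env bash
# Added example: audit a MiNiFi conf directory after encrypt-config has run.

# Assumption: only the two names visible in the page's tool output.
DEFAULT_SENSITIVE="nifi.security.client.pass.phrase nifi.rest.api.password"

# Print the value of property $2 in file $1 (prints nothing if it is absent).
prop_value() {
  awk -v k="$2" 'index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }' "$1"
}

# Print each sensitive property in $1 that has a value but no ".protected" line.
unprotected_props() {
  local file=$1 extra name
  extra=$(prop_value "$file" nifi.sensitive.props.additional.keys | tr ',' ' ')
  for name in $DEFAULT_SENSITIVE $extra; do
    [ -n "$(prop_value "$file" "$name")" ] || continue
    [ -n "$(prop_value "$file" "$name.protected")" ] || echo "$name"
  done
}

# Succeed if file $1 grants any permission to group or others.
key_file_exposed() {
  [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Write a constructed sample (all values made up) into directory $1:
# the REST password was replaced by hand and the tool was not re-run.
write_sample() {
  cat > "$1/minifi.properties" <<'EOF'
nifi.security.client.pass.phrase=CONSTRUCTED||CIPHERTEXT
nifi.security.client.pass.phrase.protected=xsalsa20poly1305
nifi.rest.api.user.name=admin
nifi.rest.api.password=password123
nifi.sensitive.props.additional.keys=nifi.rest.api.user.name,controller.socket.host
EOF
  printf 'nifi.bootstrap.sensitive.key=CONSTRUCTED-PLACEHOLDER\n' > "$1/bootstrap.conf"
  chmod 644 "$1/bootstrap.conf"
}

# Usage: ./audit.sh /var/tmp/minifi-home/conf
if [ "$#" -ge 1 ]; then
  unprotected_props "$1/minifi.properties" | sed 's/^/still plaintext: /'
  if key_file_exposed "$1/bootstrap.conf"; then
    echo "bootstrap.conf is accessible to group or others"
  fi
fi
```

On the constructed sample it reports nifi.rest.api.password and nifi.rest.api.user.name as still plaintext; controller.socket.host is skipped because it has no value in the file.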

...

  1. Replace the encrypted value with the new, unencrypted value
  2. Delete the "something.protected=XChaCha20-Poly1305..." line which was added by the tool
  3. Re-run the encrypt-config tool.

...

If you want to generate a new encryption key, you need to:

  1. Remove the "nifi.bootstrap.sensitive.key=..." line from bootstrap.conf (if it does not contain anything else, you can delete the file)
  2. Replace all sensitive property values with their original, unencrypted, values
  3. Delete all the "something.protected=XChaCha20-Poly1305..." lines
  4. Re-run the encrypt-config tool.

...