nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Milan Das <m...@interset.com>
Subject Re: HiveConnectionPool URL with trustStorePasswrd
Date Wed, 14 Mar 2018 19:11:27 GMT
We are going to use a Custom controller and mark the URL as sensitive property. Client don’t
want to make any password visible.

 

Regards,

Milan

 

From: Andy LoPresto <alopresto@apache.org>
Reply-To: <dev@nifi.apache.org>
Date: Monday, March 12, 2018 at 4:00 PM
To: <dev@nifi.apache.org>
Subject: Re: HiveConnectionPool URL with trustStorePasswrd

 

Milan,

 

I am also not aware of any way to use an encrypted value in the JDBC connection string. In
my understanding, the truststore password is only used to verify the integrity of the truststore
which is used locally (i.e. not transmitted) to accept the remote endpoint’s TLS certificate.


 

You could probably write a custom controller service replacing HiveConnectionPool [1] which
implemented HiveDBCPService and marked the connection string as a sensitive property, so it
would be encrypted on disk by NiFi and not revealed over the API, but it might be difficult
to use in this way because the entire connection string would be hidden in the UI. You could
also theoretically have separate property descriptors for the connection string and truststore
password and construct the connection string yourself internally, but this is probably overkill.
 

 

[1] https://nifi.apache.org/docs/nifi-docs/components/org.apache.nifi/nifi-hive-nar/1.5.0/org.apache.nifi.dbcp.hive.HiveConnectionPool/index.html

 

 

Andy LoPresto

alopresto@apache.org

alopresto.apache@gmail.com

PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

 

On Mar 12, 2018, at 12:27 PM, Pierre Villard <pierre.villard.fr@gmail.com> wrote:

 

Hi Milan,

As far as I know, there is not. It's the same when you connect with the
beeline client from a node.
Note that you can set the chmod/chown of the truststore file to be only
readable by the user running nifi. It should help preventing unauthorized
access.

Pierre

2018-03-12 14:49 GMT+01:00 Milan Das <mdas@interset.com>:



Hello folks,

I am connecting to Hive environment with TLS security on. In order to do
that need to send trustStorePasswrd  in Hive2 URL . As the configuration is
in controller services, not able to find a way to set the
trustStorePassword in encrypted format.

Wondering if there is a way to set trustStorePassword in encrypted format ?



Database ConnectionUrl: jdbc:hive2://ip-xxx-xx-x-xxx.
ec2.internal:10000/default;principal=hive/_HOST@CO.ACME.COM
;ssl=true;sslTrustStore=/etc/hadoop/ssl/truststore.jks;
trustStorePassword=password



Regard,



[image: graph]

*Milan Das*
Sr. System Architect

email: mdas@interset.com
mobile: +1 678 216 5660 <(678)%20216-5660>

[image: dIn icon] <https://www.linkedin.com/in/milandas/>

www.interset.com

 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message