nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Witt <>
Subject Re: Encrypting values in custom variable registry files
Date Wed, 15 Nov 2017 16:25:57 GMT
At this point there is support for sensitive component properties
which mean no matter what the value is (whether it is an actual value
or a string referencing a variable key) we will ensure it is always
encrypted in config files and never returned to any client even in
encrypted form unless there is some clear need based on the API call.

There is no support at this point for sensitive variables meaning we
dont presently encrypt variable values.

With the flow registry work that is going on now in the first instance
of pulling in an version of a registered flow you can set the value
for sensitive properties and they'd be honored/kept across new
versions so the mechanism should work quite well for version managed
flows even with things like passwords.  That might help you.


On Wed, Nov 15, 2017 at 11:04 AM, Mike Thomsen <> wrote:
> Based on this,, it looks
> like I cannot encrypt the property that holds the MongoDB password if it is
> in the variable registry file. Is that correct?
> Thanks,
> Mike
> On Wed, Nov 15, 2017 at 9:25 AM, Mike Thomsen <>
> wrote:
>> The encrypt-config tool can encrypt sensitive properties in
>>, but can it be set up to also go into the files specified
>> with the registry property as additional sources of properties?
>> Thanks,
>> Mike

View raw message