Devin, I am working on a PR to support this. I hope to have it completed by tomorrow.
NIFI-1831 has a description of the task, PR 834 has my current changes. Andy LoPresto alopre...@apache.org alopresto.apa...@gmail.com PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Aug 18, 2016, at 10:33, Devin Fisher <devin.fis...@perfectsearchcorp.com> > wrote: > > We are looking to deploy nifi as part of an appliance. Normally, we use > etckeeper [1] to maintain, track and backup our configuration across the > board. Etckeeper puts configuration files into a git repo. I would like to > store nifi configuration in the same way but I'm concerned about storing > the sensitive properties key there along with the flow.xml.gz. I would like > to store that key somewhere else and load it in at start up time. Any > thoughts on how that could be done. Ultimately, I just want is to not back > up the key with the flow.xml.gz (which has the encrypted data). That way if > someone gets a hold of the backup it would not trivial to decrypt the > sensitive data in flow.xml.gz. > > I thought I might be able to do this by adding a custom java.arg to the > bootstrap.conf that would point to an environment variable. > > Something like: > java.arg.99=-Dnifi.sensitive.props.key=$NIFI_SENSITIVE_PROPS_KEY > > But I'm not sure if System properties can stand in for nifi.perperies > values and if the boot loader launches nifi in such a way to use > environment variables. > > > [1] https://github.com/joeyh/etckeeper