[
https://issues.apache.org/jira/browse/NIFI-8230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17287719#comment-17287719
]
Moncef ABBOUD commented on NIFI-8230:
-------------------------------------
Hello David,
I would like to raise two questions whose answers are not too obvious, I hope:
# Regarding migration guidance, currently, to migrate from a flow that doesn't
have a key (i.e. relying on the default), I think it would suffice to do as
this section f[rom the admin
guid|https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#sensitive_flow_migration]e
says and the _Encrypt-Config tool_ will use the default password if the
_nifi.sensitive.props.key_ is empty.
https://github.com/apache/nifi/blob/main/nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/properties/ConfigEncryptionTool.groovy#L1419
** Should this also be updated to throw an error and thus make specifying
the old default password as an argument to the Encrypt-Config tool part of the
migration or should it stay for the time being?
# When would the generation of the random key happen exactly? How about
prompting the user for a key during startup of a new standalone installation in
case it was not set ?
Best regards.
> Remove default Sensitive Properties Key
> ---------------------------------------
>
> Key: NIFI-8230
> URL: https://issues.apache.org/jira/browse/NIFI-8230
> Project: Apache NiFi
> Issue Type: Sub-task
> Components: Security
> Affects Versions: 1.13.0
> Reporter: David Handermann
> Priority: Major
>
> Support for encryption of sensitive properties relies on configuration of the
> Sensitive Properties Key specified using {{nifi.sensitive.props.key}} in
> {{nifi.properties}}. The default behavior of {{StringEncryptor}} allows for
> the key to be blank and falls back to a default value, logging a verbose
> error message indicating that an explicit key should be provided.
> The fallback to a default value for the Sensitive Properties Key should be
> removed and an exception should be thrown indicating that the property value
> is required. Deployments that already have an explicit value will not be
> impacted. Migration guidance for upgrading should include steps to encrypt
> the configuration using a new key.
> It may be worthwhile generating a random Sensitive Properties Key for new
> installations where there is no existing flow. This would new standalone
> installations to run with a secure key without the need for manual steps.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
