[ https://issues.apache.org/jira/browse/NIFI-8230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17287753#comment-17287753 ]

David Handermann commented on NIFI-8230:
----------------------------------------

Thanks for your feedback and questions [~cef111].
 # Regarding the {{Encrypt-Config}} Tool, the instructions you referenced 
should be sufficient for migrating existing flows after an upgrade that removes 
the internal default sensitive properties key.  As far as changing the 
{{Encrypt-Config}} Tool itself, it seems like it would be useful to implement 
support for a new argument that would allow specifying the old password as 
opposed to reading it from {{nifi.properties}}.  As far as removing the default 
sensitive key from {{ConfigEncryptionTool}}, there are positives and negatives 
to consider.  Having the default sensitive key embedded in 
{{ConfigEncryptionTool}} definitely makes migration easier for new users, and 
leaving it in place would mean that existing documentation remains applicable.  
It seems better to leave the value in place in the {{ConfigEncryptionTool}} and 
consider removing it in a future major release version.
 # When to generate a random sensitive properties key is a good question.  
Checking for the absence of a {{flow.xml.gz}} configuration, and a blank key in 
{{nifi.properties}}, could be used to determine whether a new value should be 
generated.  Prompting the user to enter a value has some advantages, but it 
could also be challenging to deal with validating user input for things like 
minimum length.  For a new standalone installation, it doesn't seem necessary 
for the user to know the value, so using {{java.util.SecureRandom}} to generate 
a value of sufficient length and write it to {{nifi.properties}} would require 
less user interaction while providing much better security than the internal 
default key.

 

> Remove default Sensitive Properties Key
> ---------------------------------------
>
>                 Key: NIFI-8230
>                 URL: https://issues.apache.org/jira/browse/NIFI-8230
>             Project: Apache NiFi
>          Issue Type: Sub-task
>          Components: Security
>    Affects Versions: 1.13.0
>            Reporter: David Handermann
>            Priority: Major
>
> Support for encryption of sensitive properties relies on configuration of the 
> Sensitive Properties Key specified using {{nifi.sensitive.props.key}} in 
> {{nifi.properties}}.  The default behavior of {{StringEncryptor}} allows for 
> the key to be blank and falls back to a default value, logging a verbose 
> error message indicating that an explicit key should be provided.
> The fallback to a default value for the Sensitive Properties Key should be 
> removed and an exception should be thrown indicating that the property value 
> is required.  Deployments that already have an explicit value will not be 
> impacted.  Migration guidance for upgrading should include steps to encrypt 
> the configuration using a new key.
> It may be worthwhile generating a random Sensitive Properties Key for new 
> installations where there is no existing flow.  This would allow new standalone 
> installations to run with a secure key without the need for manual steps.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
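
The check discussed in the comment above (blank key in {{nifi.properties}} and no {{flow.xml.gz}}, then a {{java.util.SecureRandom}} value written back), as an added example that is not NiFi code or part of the original message. The class name, the 32-byte length, Base64 encoding and the simple {{name=value}} line handling are assumptions; a blank key with an existing flow is rejected, following the issue description.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.SecureRandom;
import java.util.*;

public class SensitiveKeyBootstrap { // hypothetical class, not part of NiFi
    static final String KEY_PROPERTY = "nifi.sensitive.props.key"; // name from the issue
    static final int KEY_BYTES = 32; // assumed length: 256 bits of randomness

    /** Returns true when a new key was generated and written to nifi.properties. */
    static boolean generateIfNeeded(Path nifiProperties, Path flowXmlGz) throws IOException {
        List<String> lines = Files.readAllLines(nifiProperties, StandardCharsets.UTF_8);
        int keyLine = -1;
        String current = "";
        for (int i = 0; i < lines.size(); i++) {
            String line = lines.get(i).trim();
            if (line.startsWith(KEY_PROPERTY + "=")) {
                keyLine = i;
                current = line.substring(KEY_PROPERTY.length() + 1).trim();
            }
        }
        if (!current.isEmpty()) {
            return false; // explicit key already configured: leave it untouched
        }
        if (Files.exists(flowXmlGz)) {
            // An existing flow was encrypted with some other key; a fresh random
            // key could not decrypt it, so require an explicit value instead.
            throw new IllegalStateException(KEY_PROPERTY + " is required for an existing flow");
        }
        byte[] random = new byte[KEY_BYTES];
        new SecureRandom().nextBytes(random);
        String entry = KEY_PROPERTY + "=" + Base64.getEncoder().withoutPadding().encodeToString(random);
        if (keyLine >= 0) lines.set(keyLine, entry); else lines.add(entry);
        // Write to a temp file in the same directory, then move it into place,
        // so a crash never leaves a half-written nifi.properties behind.
        Path tmp = Files.createTempFile(nifiProperties.toAbsolutePath().getParent(), "nifi", ".tmp");
        Files.write(tmp, lines, StandardCharsets.UTF_8);
        Files.move(tmp, nifiProperties, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
        return true;
    }

    public static void main(String[] args) throws IOException {
        Path conf = Files.createTempDirectory("nifi-conf"); // constructed sample install
        Path props = conf.resolve("nifi.properties");
        Files.write(props, Arrays.asList(KEY_PROPERTY + "=", "nifi.web.http.port=8080"));
        System.out.println(generateIfNeeded(props, conf.resolve("flow.xml.gz"))); // new install
        System.out.println(generateIfNeeded(props, conf.resolve("flow.xml.gz"))); // key now set
    }
}
```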
