[
https://issues.apache.org/jira/browse/NIFI-8230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17291842#comment-17291842
]
Moncef ABBOUD commented on NIFI-8230:
-------------------------------------
Hello [~exceptionfactory],
I have just looked over the PR. Kudos for the refactoring. It has brought more
clarity and elegance to the code.
I was actually familiarizing myself with the NiFiProperties loading process and
the initialization of an empty flow. But since you have put up so much work in
the 4809 PR and you already are the assignee for this issue, far be it from me
the idea to steal your thunder.
Best of luck working on this.
> Remove default Sensitive Properties Key
> ---------------------------------------
>
> Key: NIFI-8230
> URL: https://issues.apache.org/jira/browse/NIFI-8230
> Project: Apache NiFi
> Issue Type: Sub-task
> Components: Security
> Affects Versions: 1.13.0
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
>
> Support for encryption of sensitive properties relies on configuration of the
> Sensitive Properties Key specified using {{nifi.sensitive.props.key}} in
> {{nifi.properties}}. The default behavior of {{StringEncryptor}} allows for
> the key to be blank and falls back to a default value, logging a verbose
> error message indicating that an explicit key should be provided.
> The fallback to a default value for the Sensitive Properties Key should be
> removed and an exception should be thrown indicating that the property value
> is required. Deployments that already have an explicit value will not be
> impacted. Migration guidance for upgrading should include steps to encrypt
> the configuration using a new key.
> It may be worthwhile generating a random Sensitive Properties Key for new
> installations where there is no existing flow. This would new standalone
> installations to run with a secure key without the need for manual steps.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
