[
https://issues.apache.org/jira/browse/NIFI-8230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17291910#comment-17291910
]
David Handermann commented on NIFI-8230:
----------------------------------------
Thanks for the feedback [~cef111]! I appreciate your contribution and look
forward to your feedback when I submit the PR.
> Remove default Sensitive Properties Key
> ---------------------------------------
>
> Key: NIFI-8230
> URL: https://issues.apache.org/jira/browse/NIFI-8230
> Project: Apache NiFi
> Issue Type: Sub-task
> Components: Security
> Affects Versions: 1.13.0
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
>
> Support for encryption of sensitive properties relies on configuration of the
> Sensitive Properties Key specified using {{nifi.sensitive.props.key}} in
> {{nifi.properties}}. The default behavior of {{StringEncryptor}} allows for
> the key to be blank and falls back to a default value, logging a verbose
> error message indicating that an explicit key should be provided.
> The fallback to a default value for the Sensitive Properties Key should be
> removed and an exception should be thrown indicating that the property value
> is required. Deployments that already have an explicit value will not be
> impacted. Migration guidance for upgrading should include steps to encrypt
> the configuration using a new key.
> It may be worthwhile generating a random Sensitive Properties Key for new
> installations where there is no existing flow. This would new standalone
> installations to run with a secure key without the need for manual steps.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
