[ https://issues.apache.org/jira/browse/NIFI-8447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joseph Gresock updated NIFI-8447:
---------------------------------
    Description:
Add support for a HASHICORP_VAULT_TRANSIT PropertyProtectionScheme in the Encrypt Config Tool that can be configured with a Secrets Engine path and the relevant bootstrap.conf properties.

This path will be used in the identifier key: "vault/transit/[path]"

The bootstrap.conf provided in the command line must be configured with the following relevant properties in order for the encryption to work:
{code}
# HashiCorp Vault Sensitive Property Provider (not enabled if the following two properties are not set)
nifi.bootstrap.sensitive.props.hashicorp.vault.uri=
nifi.bootstrap.sensitive.props.hashicorp.vault.auth.props.file=

# HashiCorp Vault Secrets Engine configuration
# If set, enables PropertyProtectionScheme.HASHICORP_VAULT_TRANSIT
nifi.bootstrap.sensitive.props.hashicorp.vault.transit.path=

# Optional HashiCorp Vault configuration
nifi.bootstrap.sensitive.props.hashicorp.vault.connection.timeout=5 secs
nifi.bootstrap.sensitive.props.hashicorp.vault.read.timeout=15 secs
nifi.bootstrap.sensitive.props.hashicorp.vault.enabled.tls.cipher.suites=
nifi.bootstrap.sensitive.props.hashicorp.vault.enabled.tls.protocols=
nifi.bootstrap.sensitive.props.hashicorp.vault.keystore=
nifi.bootstrap.sensitive.props.hashicorp.vault.keystoreType=
nifi.bootstrap.sensitive.props.hashicorp.vault.keystorePasswd=
nifi.bootstrap.sensitive.props.hashicorp.vault.truststore=
nifi.bootstrap.sensitive.props.hashicorp.vault.truststoreType=
nifi.bootstrap.sensitive.props.hashicorp.vault.truststorePasswd=
{code}

  was:
Using the StandardHashiCorpVaultCommunicationService, add options to the Encrypt Tool in nifi-toolkit for the following:
# Select encryption method (aes/gcm vs. vault)
# Select vault configuration (recommended as a vault-configuration.properties file, since there are so many configuration properties).

Vault configuration properties include:
{code}
nifi.sensitive.props.hashicorp.vault.uri=
nifi.sensitive.props.hashicorp.vault.transit.key=
nifi.sensitive.props.hashicorp.vault.auth.properties.file=

# Optional TLS options if addr is https
nifi.security.keystore=
nifi.security.keystoreType=
nifi.security.keystorPasswd=
nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
{code}
Selecting vault encryption method should set the encryption value in XML files or the *.protected property in properties files to "vault/[transitKey]"

A transitKey represents a distinct Vault configuration of encryption settings.

Additionally, the corresponding nifi.sensitive.props.hashicorp.vault.* properties should be configured in the resulting nifi.properties file so that the NiFi instance can use the same Vault configuration.

> Add HashiCorp Vault encryption as an option in the Encrypt Tool
> ---------------------------------------------------------------
>
>                 Key: NIFI-8447
>                 URL: https://issues.apache.org/jira/browse/NIFI-8447
>             Project: Apache NiFi
>          Issue Type: Sub-task
>            Reporter: Joseph Gresock
>            Priority: Minor
>
> Add support for a HASHICORP_VAULT_TRANSIT PropertyProtectionScheme in the
> Encrypt Config Tool that can be configured with a Secrets Engine path and the
> relevant bootstrap.conf properties.
> This path will be used in the identifier key: "vault/transit/[path]"
> The bootstrap.conf provided in the command line must be configured with the
> following relevant properties in order for the encryption to work:
> {code}
> # HashiCorp Vault Sensitive Property Provider (not enabled if the following two properties are not set)
> nifi.bootstrap.sensitive.props.hashicorp.vault.uri=
> nifi.bootstrap.sensitive.props.hashicorp.vault.auth.props.file=
> # HashiCorp Vault Secrets Engine configuration
> # If set, enables PropertyProtectionScheme.HASHICORP_VAULT_TRANSIT
> nifi.bootstrap.sensitive.props.hashicorp.vault.transit.path=
> # Optional HashiCorp Vault configuration
> nifi.bootstrap.sensitive.props.hashicorp.vault.connection.timeout=5 secs
> nifi.bootstrap.sensitive.props.hashicorp.vault.read.timeout=15 secs
> nifi.bootstrap.sensitive.props.hashicorp.vault.enabled.tls.cipher.suites=
> nifi.bootstrap.sensitive.props.hashicorp.vault.enabled.tls.protocols=
> nifi.bootstrap.sensitive.props.hashicorp.vault.keystore=
> nifi.bootstrap.sensitive.props.hashicorp.vault.keystoreType=
> nifi.bootstrap.sensitive.props.hashicorp.vault.keystorePasswd=
> nifi.bootstrap.sensitive.props.hashicorp.vault.truststore=
> nifi.bootstrap.sensitive.props.hashicorp.vault.truststoreType=
> nifi.bootstrap.sensitive.props.hashicorp.vault.truststorePasswd=
> {code}

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
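
Added example (not part of the Jira message and not NiFi code): a preflight check that reads bootstrap.conf text and reports whether the properties listed in the description enable HASHICORP_VAULT_TRANSIT, returning the resulting "vault/transit/[path]" identifier key. The function names, the sample values, the plain-http warning and the keystore completeness rule are assumptions of this example.

```python
PREFIX = "nifi.bootstrap.sensitive.props.hashicorp.vault."
REQUIRED = ("uri", "auth.props.file")  # provider is not enabled unless both are set

# Constructed sample bootstrap.conf fragment; host, file path and transit path are made up.
SAMPLE = """\
nifi.bootstrap.sensitive.props.hashicorp.vault.uri=https://vault.example.internal:8200
nifi.bootstrap.sensitive.props.hashicorp.vault.auth.props.file=./conf/vault-auth.properties
nifi.bootstrap.sensitive.props.hashicorp.vault.transit.path=nifi-transit
nifi.bootstrap.sensitive.props.hashicorp.vault.connection.timeout=5 secs
"""


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def check_vault_transit(text):
    """Return (identifier key or None, list of findings) for a bootstrap.conf text."""
    props = parse_properties(text)

    def get(name):
        return props.get(PREFIX + name, "")

    findings = []
    missing = [name for name in REQUIRED if not get(name)]
    if missing:
        findings.append("provider not enabled, unset: " + ", ".join(missing))
    path = get("transit.path")
    if not path:
        findings.append("transit.path unset: HASHICORP_VAULT_TRANSIT not enabled")
    if get("uri").lower().startswith("http://"):
        findings.append("uri is plain http: requests to Vault are not TLS-protected")
    for store in ("keystore", "truststore"):
        # Assumption of this example: a store path without type or password is incomplete.
        if get(store) and not (get(store + "Type") and get(store + "Passwd")):
            findings.append(store + " set without its Type/Passwd properties")
    identifier = None if (missing or not path) else "vault/transit/" + path
    return identifier, findings


if __name__ == "__main__":
    print(check_vault_transit(SAMPLE))
```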