David Handermann created NIFI-13560:
---------------------------------------

Summary: Refactor Parameter Provider Value Storage and Retrieval
Key: NIFI-13560
URL: https://issues.apache.org/jira/browse/NIFI-13560
Project: Apache NiFi
Issue Type: Improvement
Components: Core Framework
Reporter: David Handermann
Assignee: David Handermann

The Parameter Provider interface supports extensible integration with various services for storing and retrieving sensitive values. The current implementation integrates with Parameter Contexts, storing fetched values in the persistent flow configuration, with configurable sensitive status. For sensitive values, the framework encrypts values using the configured sensitive properties key and sensitive properties algorithm.

Although framework encryption provides a measure of protection for sensitive values, persistent storage in the flow configuration effectively changes the security posture for centralized management of secrets. This approach provides some resilience in the event of communications issues with an external secrets storage provider, but changing the security posture is a more serious concern.

To provide some protection against communication issues, the framework should implement memory-based caching of fetched parameter values, which should remain available for the duration of the application process.

The current user experience should remain the same, requiring user interaction to fetch new parameter values while the system is running. However, the framework should fetch current parameter values when starting, based on storing a reference in the linked Parameter Context. This strategy follows a common implementation pattern in other applications and frameworks, preserving control over access to secrets at the system of record.

--
This message was sent by Atlassian Jira (v8.20.10#820010)
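
A minimal sketch of the storage model the issue proposes, added here as an illustration and not taken from NiFi or from the issue itself: only parameter names are persisted, values are fetched at startup and on explicit request, and an in-memory cache covers provider outages. The class name, the `Function`-based provider stand-in and the sample values are all hypothetical.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;
// Hypothetical sketch: none of these types are NiFi framework classes.
public class ReferenceBackedParameterCache {
    // Persisted state holds parameter names only, never fetched values.
    private final Set<String> persistedReferences;
    // Stand-in for an external secrets provider; throws when unreachable.
    private final Function<String, String> provider;
    // Values live only in process memory and are lost when the process stops.
    private final Map<String, String> cache = new ConcurrentHashMap<>();
    public ReferenceBackedParameterCache(Set<String> persistedReferences, Function<String, String> provider) {
        this.persistedReferences = Set.copyOf(persistedReferences);
        this.provider = provider;
    }

    // Called once at startup and again on each explicit user-initiated fetch.
    public void fetch() {
        for (String name : persistedReferences) {
            try {
                cache.put(name, provider.apply(name));
            } catch (RuntimeException e) {
                // Provider unreachable: keep any value cached earlier in this process.
            }
        }
    }
    public String getValue(String name) {
        String value = cache.get(name);
        if (value == null) throw new IllegalStateException("Parameter not fetched: " + name);
        return value;
    }
    public static void main(String[] args) {
        // Constructed sample data standing in for the system of record.
        Map<String, String> vault = new ConcurrentHashMap<>(Map.of("db.password", "constructed-v1"));
        boolean[] reachable = {true};
        ReferenceBackedParameterCache params = new ReferenceBackedParameterCache(Set.of("db.password"), name -> {
            if (!reachable[0]) throw new IllegalStateException("provider unreachable");
            return vault.get(name);
        });
        params.fetch();                              // startup fetch
        vault.put("db.password", "constructed-v2");  // value rotated at the provider
        reachable[0] = false;
        params.fetch();                              // outage: cached value is retained
        System.out.println(params.getValue("db.password"));
        reachable[0] = true;
        params.fetch();                              // user-initiated fetch sees the rotation
        System.out.println(params.getValue("db.password"));
    }
}
```

If the provider is unreachable at startup and nothing has been cached yet, `getValue` fails rather than falling back to a persisted copy, which is the trade-off the issue accepts in exchange for keeping values out of the flow configuration.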