[ 
https://issues.apache.org/jira/browse/NIFI-13560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bryan Bende updated NIFI-13560:
-------------------------------
    Fix Version/s: 2.0.0-M5
       Resolution: Fixed
           Status: Resolved  (was: Patch Available)

> Refactor Parameter Provider Value Storage and Retrieval
> -------------------------------------------------------
>
>                 Key: NIFI-13560
>                 URL: https://issues.apache.org/jira/browse/NIFI-13560
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Major
>             Fix For: 2.0.0-M5
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> The Parameter Provider interface supports extensible integration with various 
> services for storing and retrieving sensitive values. The current 
> implementation integrates with Parameter Contexts, storing fetched values in 
> the persistent flow configuration, with configurable sensitive status. For 
> sensitive values, the framework encrypts values using the configured 
> sensitive properties key and sensitive properties algorithm.
> Although framework encryption provides a measure of protection for sensitive 
> values, persistent storage in the flow configuration effectively changes the 
> security posture for centralized management of secrets. This approach 
> provides some resilience in the event of communications issues with an 
> external secrets storage provider, but changing the security posture is a 
> more serious concern. To provide some protection against communication 
> issues, the framework should implement memory-based caching of fetched 
> parameter values, which should remain available for the duration of the 
> application process.
> The current user experience should remain the same, requiring user 
> interaction to fetch new parameter values while the system is running. 
> However, the framework should fetch current parameter values when starting, 
> based on storing a reference in the linked Parameter Context. This strategy 
> follows a common implementation pattern in other applications and frameworks, 
> preserving control over access to secrets at the system of record.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
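
An added illustration, not part of the Jira issue or the NiFi code base, of the storage model the description proposes: the persisted configuration holds only a reference, values are fetched at startup into a memory-only cache, and a failed fetch leaves the cached value available. All class, method and provider names are hypothetical, and the secret store is a constructed stand-in.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;

// Hypothetical names throughout; this is not the NiFi framework API.
public class ParameterReferenceCacheExample {

    // What the persisted flow configuration holds: a reference, never the value.
    record ParameterReference(String providerId, String parameterName) {}

    // Memory-only cache of fetched values; contents vanish when the process exits.
    static class InMemoryParameterCache {
        private final Map<ParameterReference, String> values = new ConcurrentHashMap<>();
        private final Function<ParameterReference, String> provider;

        InMemoryParameterCache(Function<ParameterReference, String> provider) {
            this.provider = provider;
        }

        // Run at startup and on each user-initiated fetch. If the provider
        // fails or returns nothing, the previously cached value is kept.
        boolean fetch(ParameterReference ref) {
            try {
                String value = provider.apply(ref);
                if (value == null) return false;
                values.put(ref, value);
                return true;
            } catch (RuntimeException e) {
                return false;
            }
        }

        String getValue(ParameterReference ref) { return values.get(ref); }
    }

    public static void main(String[] args) {
        // Constructed stand-in for an external secrets service (system of record).
        Map<String, String> secretStore = new ConcurrentHashMap<>(Map.of("db.password", "constructed-v1"));
        boolean[] reachable = {true};
        InMemoryParameterCache cache = new InMemoryParameterCache(r -> {
            if (!reachable[0]) throw new IllegalStateException("provider unreachable");
            return secretStore.get(r.parameterName());
        });
        ParameterReference ref = new ParameterReference("example-provider", "db.password");

        System.out.println("startup fetch ok: " + cache.fetch(ref) + ", value: " + cache.getValue(ref));
        secretStore.put("db.password", "constructed-v2"); // rotated at the system of record
        reachable[0] = false;                             // simulated communication failure
        System.out.println("fetch during outage ok: " + cache.fetch(ref) + ", value: " + cache.getValue(ref));
        reachable[0] = true;
        System.out.println("fetch after recovery ok: " + cache.fetch(ref) + ", value: " + cache.getValue(ref));
    }
}
```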
