[ https://issues.apache.org/jira/browse/NIFI-13560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bryan Bende updated NIFI-13560:
-------------------------------
    Fix Version/s: 2.0.0-M5
       Resolution: Fixed
           Status: Resolved  (was: Patch Available)

> Refactor Parameter Provider Value Storage and Retrieval
> -------------------------------------------------------
>
>                 Key: NIFI-13560
>                 URL: https://issues.apache.org/jira/browse/NIFI-13560
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Major
>             Fix For: 2.0.0-M5
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> The Parameter Provider interface supports extensible integration with various
> services for storing and retrieving sensitive values. The current
> implementation integrates with Parameter Contexts, storing fetched values in
> the persistent flow configuration, with configurable sensitive status. For
> sensitive values, the framework encrypts values using the configured
> sensitive properties key and sensitive properties algorithm.
> Although framework encryption provides a measure of protection for sensitive
> values, persistent storage in the flow configuration effectively changes the
> security posture for centralized management of secrets. This approach
> provides some resilience in the event of communications issues with an
> external secrets storage provider, but changing the security posture is a
> more serious concern. To provide some protection against communication
> issues, the framework should implement memory-based caching of fetched
> parameter values, which should remain available for the duration of the
> application process.
> The current user experience should remain the same, requiring user
> interaction to fetch new parameter values while the system is running.
> However, the framework should fetch current parameter values when starting,
> based on storing a reference in the linked Parameter Context. This strategy
> follows a common implementation pattern in other applications and frameworks,
> preserving control over access to secrets at the system of record.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
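
The storage model the issue description proposes, sketched as an added example; it is not NiFi code and not part of the original message. All type and method names (`ProviderReference`, `InMemoryParameterCache`, `refresh`) and the sample values are hypothetical: only a reference is persisted, fetched values live in process memory, and a failed fetch leaves the previously cached values in place.

```java
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;

// Illustrative sketch only: these types are hypothetical and are not NiFi classes.
public class ParameterValueCacheExample {

    /** The only data written to the persistent flow configuration: where to fetch from. */
    record ProviderReference(String providerId, String groupName) {}

    /** Process-lifetime cache; fetched values are never serialized to disk. */
    static final class InMemoryParameterCache {
        private final Map<ProviderReference, Map<String, String>> values = new ConcurrentHashMap<>();

        /** Runs at startup and on an explicit user fetch; keeps prior values if the fetch fails. */
        boolean refresh(ProviderReference ref, Supplier<Map<String, String>> fetcher) {
            try {
                values.put(ref, Map.copyOf(fetcher.get()));
                return true;
            } catch (RuntimeException e) {
                return false; // communication failure: earlier values stay available
            }
        }

        Optional<String> get(ProviderReference ref, String name) {
            return Optional.ofNullable(values.getOrDefault(ref, Map.of()).get(name));
        }
    }

    public static void main(String[] args) {
        ProviderReference ref = new ProviderReference("provider-1", "database"); // constructed sample
        InMemoryParameterCache cache = new InMemoryParameterCache();

        // Startup: resolve the stored reference against the external secrets service.
        cache.refresh(ref, () -> Map.of("db.password", "constructed-sample-secret"));

        // A later user-initiated fetch fails because the provider is unreachable.
        boolean ok = cache.refresh(ref, () -> {
            throw new IllegalStateException("provider unreachable");
        });

        System.out.println("refresh succeeded: " + ok);
        System.out.println("cached value still present: " + cache.get(ref, "db.password").isPresent());
        System.out.println("persisted to flow configuration: " + ref); // reference only, no secret
    }
}
```

After a restart the cache starts empty, so a value is available only once the startup fetch against the system of record succeeds.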