[
https://issues.apache.org/jira/browse/NIFI-4942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16437847#comment-16437847
]
ASF GitHub Bot commented on NIFI-4942:
--------------------------------------
Github user YolandaMDavis commented on the issue:
https://github.com/apache/nifi/pull/2628
Spoke with @alopresto offline. He highlighted that is it important to
maintain control of location of secure-hash.key file in order to prevent
calling application from piping into a file that is controlled externally. We
want to keep it as secured as possible.
Concerning the documentation update recommendation that can be addressed in
a separate item.
+1
Will merge shortly
> NiFi Toolkit - Allow migration of master key without previous password
> ----------------------------------------------------------------------
>
> Key: NIFI-4942
> URL: https://issues.apache.org/jira/browse/NIFI-4942
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Tools and Build
> Affects Versions: 1.5.0
> Reporter: Yolanda M. Davis
> Assignee: Andy LoPresto
> Priority: Major
>
> Currently the encryption cli in nifi toolkit requires that, in order to
> migrate from one master key to the next, the previous master key or password
> should be provided. In cases where the provisioning tool doesn't have the
> previous value available this becomes challenging to provide and may be prone
> to error. In speaking with [~alopresto] we can allow toolkit to support a
> mode of execution such that the master key can be updated without requiring
> the previous password. Also documentation around it's usage should be updated
> to be clear in describing the purpose and the type of environment where this
> command should be used (admin only access etc).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
