Re: sensitive variable values ?
I have done some proposals for sensitive variables storage in the variable registry, but haven’t been able to focus on it yet due to other priorities. You can see some light example mock-up, workflow, and bullet points towards the end of this presentation [1]. If you just want to write a secret into the flow.xml.gz during the automated deployment process, I have written a sample Ruby script that performs this task [2]. You can use this as an example if you need to implement this in a different language. [1] https://github.com/alopresto/slides/blob/master/australia_2018/future_of_data_melbourne.pdf [2] http://apache-nifi-developer-list.39713.n7.nabble.com/Re-Passwords-in-EncryptContent-tp12900.html Andy LoPresto alopre...@apache.org alopresto.apa...@gmail.com PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Mar 21, 2019, at 20:28, Joe Witt wrote: > > Hello > > The variables of a pg are not, at this time, for sensitive values. You can > set the sens values programatically to ensure they are never shown. > > We will likely add support for secrets (ie sensitive variables) but eta there > depends on progress in the community. > > thanks > >> On Thu, Mar 21, 2019, 3:17 PM l vic wrote: >> Is there a mechanism in Nifi to use sensitive variable values? For example: >> would it be possible to store/set password value in >> StandardRestrictedSSLContextService without exposing it? I am looking for >> the way to set password in StandardRestrictedSSLContextService from the >> automated deployment script >> Thank you, >> -V
Re: sensitive variable values ?
Are you not able to update the properties for the controller service. It looks like you use something like PUT /controller-services/{id} with some json kinda like this. { "revision": {…}, "id": "value", "uri": "value", "position": {…}, "permissions": {…}, "bulletins": [{…}], "disconnectedNodeAcknowledged": true, "parentGroupId": "value", "component": {…}, "operatePermissions": {…}, "status": {…} } Filling in component with something like this and trying to set the properties. { "id": "value", "versionedComponentId": "value", "parentGroupId": "value", "position": {…}, "name": "value", "type": "value", "bundle": {…}, "controllerServiceApis": [{…}], "comments": "value", "state": "value", "persistsState": true, "restricted": true, "deprecated": true, "multipleVersionsAvailable": true, "properties": { "name": "value" }, "descriptors": { "name": {…} }, "customUiUrl": "value", "annotationData": "value", "referencingComponents": [{…}], "validationErrors": ["value"], "validationStatus": "value", "extensionMissing": true } Check https://nifi.apache.org/docs/nifi-docs/rest-api/index.html What JSON have you tried so far? Thanks Shawn From: l vic Reply-To: "users@nifi.apache.org" Date: Thursday, March 21, 2019 at 3:38 PM To: "users@nifi.apache.org" Subject: Re: sensitive variable values ? I don't see how to do it for service from NiFi REST api... Any suggestions? Thank you
Re: sensitive variable values ?
I don't see how to do it for service from NiFi REST api... Any suggestions? Thank you > >
Re: sensitive variable values ?
Sensitive variables is something we'd like to support, but we currently don't have that capability yet. If you are using a script to create components, or to instantiate templates, you should be able to set the property values of those components using the REST API. You would be making the same REST call that is made if you were in the UI and were on the config window, entered the password, and hit the Apply button. On Thu, Mar 21, 2019 at 3:17 PM l vic wrote: > > Is there a mechanism in Nifi to use sensitive variable values? For example: > would it be possible to store/set password value in > StandardRestrictedSSLContextService without exposing it? I am looking for the > way to set password in StandardRestrictedSSLContextService from the automated > deployment script > Thank you, > -V
Re: sensitive variable values ?
Hello The variables of a pg are not, at this time, for sensitive values. You can set the sens values programatically to ensure they are never shown. We will likely add support for secrets (ie sensitive variables) but eta there depends on progress in the community. thanks On Thu, Mar 21, 2019, 3:17 PM l vic wrote: > Is there a mechanism in Nifi to use sensitive variable values? For > example: would it be possible to store/set password value > in StandardRestrictedSSLContextService without exposing it? I am looking > for the way to set password in StandardRestrictedSSLContextService from the > automated deployment script > Thank you, > -V >