Hi Simon Thanks for the quick response. I was aware of the sensitive property (already using it for a password field) but I wasn’t aware it might be appropriate for storing the key material for the sha256 itself. Was expecting to have to use some kind of key store service.
I’ll give that a try. Thanks > On 18 Dec 2016, at 10:19, Simon Elliston Ball <[email protected]> > wrote: > > This sounds like a job for sensitive properties to me. If you create a > property on your custom processor and mark it with .senstive(true) in your > builder, then the value stored in the flow conf will be available as a > regular property, but encrypted on disk with a key specified in the > nifi.properties. See > https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java#L172 > > <https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java#L172> > for an example of how this works. > > Simon > > >> On 18 Dec 2016, at 09:32, Jonathan Telfer <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hi all >> >> I'm currently writing a custom processor to access a non standard messaging >> protocol. The protocol requires each call to contain an authorization header >> signed by a sha256 hmac. >> >> I'm using commons HmacUtils to generate the signature, but I need advice on >> the best way to store the secret key and make it available to the processor. >> >> Thanks. >
