Hello all, I am trying to protect plain text passwords. I am using the latest docker image (1.10.0), and edited manually nifi.sensitive.props.key as below
sed -i -e "s|^nifi.sensitive.props.key=.*$|nifi.sensitive.props.key=${NIFI_SENSITIVE_PROPS_KEY}|" /opt/nifi/nifi-current/conf/nifi.properties sed -i -e "s|^nifi.provenance.repository.encryption.key=.*$|nifi.provenance.repository.encryption.key=${NIFI_SENSITIVE_PROPS_KEY}|" /opt/nifi/nifi-current/conf/nifi.properties (this command for some reason does not update the file inside the Dockerfile, I have to do inside the container). After updated that property, I run following command inside the container: bash /opt/nifi/nifi-toolkit-current/bin/encrypt-config.sh -n /opt/nifi/nifi-current/conf/nifi.properties -b /opt/nifi/nifi-current/conf/bootstrap.conf -a /opt/nifi/nifi-current/conf/authorizers.xml -l /opt/nifi/nifi-current/conf/login-identity-providers.xml It prompts to put a master password and after that, I restart[1] the container but it failed to start with below error: nifi | 2019-12-08 18:57:31,777 INFO [main] o.a.nifi.properties.NiFiPropertiesLoader Loaded 162 properties from /opt/nifi/nifi-current/./conf/nifi.properties *nifi | 2019-12-08 18:57:31,933 INFO [main] o.a.n.properties.ProtectedNiFiProperties There are 5 protected properties of 5 sensitive properties (100%)* nifi | 2019-12-08 18:57:31,935 ERROR [main] org.apache.nifi.NiFi Failure to launch NiFi due to java.lang.IllegalArgumentException: There was an issue decrypting protected properties nifi | java.lang.IllegalArgumentException: There was an issue decrypting protected properties nifi | at org.apache.nifi.NiFi.initializeProperties(NiFi.java:341) nifi | at org.apache.nifi.NiFi.convertArgumentsToValidatedNiFiProperties(NiFi.java:309) nifi | at org.apache.nifi.NiFi.main(NiFi.java:300) nifi | Caused by: java.lang.IllegalArgumentException: The cipher text does not contain the delimiter || -- it should be of the form Base64(IV) || Base64(cipherText) nifi | at org.apache.nifi.properties.AESSensitivePropertyProvider.unprotect(AESSensitivePropertyProvider.java:217) nifi | at org.apache.nifi.properties.ProtectedNiFiProperties.unprotectValue(ProtectedNiFiProperties.java:524) nifi | at org.apache.nifi.properties.ProtectedNiFiProperties.getUnprotectedProperties(ProtectedNiFiProperties.java:343) nifi | at org.apache.nifi.properties.NiFiPropertiesLoader.load(NiFiPropertiesLoader.java:209) nifi | at org.apache.nifi.properties.NiFiPropertiesLoader.load(NiFiPropertiesLoader.java:223) nifi | at org.apache.nifi.properties.NiFiPropertiesLoader.loadDefault(NiFiPropertiesLoader.java:130) nifi | at org.apache.nifi.properties.NiFiPropertiesLoader.get(NiFiPropertiesLoader.java:241) nifi | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) nifi | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) nifi | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) nifi | at java.lang.reflect.Method.invoke(Method.java:498) nifi | at org.apache.nifi.NiFi.initializeProperties(NiFi.java:336) nifi | ... 2 common frames omitted Any idea why it is failing? Thanks, Juan [1] Actually, after that command two entries are generated to nifi.provenance.repository.encryption.key= in the file, one with the plain text and the other encrypted. I have to remove manually the plain text one.