Hello all,
I am trying to protect plain text passwords. I am using the latest docker
image (1.10.0), and edited manually nifi.sensitive.props.key as below
sed -i -e
"s|^nifi.sensitive.props.key=.*$|nifi.sensitive.props.key=${NIFI_SENSITIVE_PROPS_KEY}|"
/opt/nifi/nifi-current/conf/nifi.properties
sed -i -e
"s|^nifi.provenance.repository.encryption.key=.*$|nifi.provenance.repository.encryption.key=${NIFI_SENSITIVE_PROPS_KEY}|"
/opt/nifi/nifi-current/conf/nifi.properties
(this command for some reason does not update the file inside the
Dockerfile, I have to do inside the container).
After updated that property, I run following command inside the container:
bash /opt/nifi/nifi-toolkit-current/bin/encrypt-config.sh -n
/opt/nifi/nifi-current/conf/nifi.properties -b
/opt/nifi/nifi-current/conf/bootstrap.conf -a
/opt/nifi/nifi-current/conf/authorizers.xml -l
/opt/nifi/nifi-current/conf/login-identity-providers.xml
It prompts to put a master password and after that, I restart[1] the
container but it failed to start with below error:
nifi | 2019-12-08 18:57:31,777 INFO [main]
o.a.nifi.properties.NiFiPropertiesLoader Loaded 162 properties from
/opt/nifi/nifi-current/./conf/nifi.properties
*nifi | 2019-12-08 18:57:31,933 INFO [main]
o.a.n.properties.ProtectedNiFiProperties There are 5 protected properties
of 5 sensitive properties (100%)*
nifi | 2019-12-08 18:57:31,935 ERROR [main] org.apache.nifi.NiFi
Failure to launch NiFi due to java.lang.IllegalArgumentException: There was
an issue decrypting protected properties
nifi | java.lang.IllegalArgumentException: There was an issue
decrypting protected properties
nifi | at org.apache.nifi.NiFi.initializeProperties(NiFi.java:341)
nifi | at
org.apache.nifi.NiFi.convertArgumentsToValidatedNiFiProperties(NiFi.java:309)
nifi | at org.apache.nifi.NiFi.main(NiFi.java:300)
nifi | Caused by: java.lang.IllegalArgumentException: The cipher
text does not contain the delimiter || -- it should be of the form
Base64(IV) || Base64(cipherText)
nifi | at
org.apache.nifi.properties.AESSensitivePropertyProvider.unprotect(AESSensitivePropertyProvider.java:217)
nifi | at
org.apache.nifi.properties.ProtectedNiFiProperties.unprotectValue(ProtectedNiFiProperties.java:524)
nifi | at
org.apache.nifi.properties.ProtectedNiFiProperties.getUnprotectedProperties(ProtectedNiFiProperties.java:343)
nifi | at
org.apache.nifi.properties.NiFiPropertiesLoader.load(NiFiPropertiesLoader.java:209)
nifi | at
org.apache.nifi.properties.NiFiPropertiesLoader.load(NiFiPropertiesLoader.java:223)
nifi | at
org.apache.nifi.properties.NiFiPropertiesLoader.loadDefault(NiFiPropertiesLoader.java:130)
nifi | at
org.apache.nifi.properties.NiFiPropertiesLoader.get(NiFiPropertiesLoader.java:241)
nifi | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
nifi | at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
nifi | at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
nifi | at java.lang.reflect.Method.invoke(Method.java:498)
nifi | at org.apache.nifi.NiFi.initializeProperties(NiFi.java:336)
nifi | ... 2 common frames omitted
Any idea why it is failing?
Thanks,
Juan
[1] Actually, after that command two entries are generated to
nifi.provenance.repository.encryption.key= in the file, one with the plain
text and the other encrypted. I have to remove manually the plain text one.
