Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

securing secrets when using Nifi PutIceberg Processor

avatar
author-rank jnk32
New Contributor

Created on ‎04-10-2024 11:49 PM - edited ‎04-10-2024 11:54 PM

I use the PutIcebergProcessor to write data to my data lake. Therefore I need to specify a HiveCatalogService. This Service needs HadoopConfigurationResources. This parameter is a path to an xml file containing the credentials to the S3 where the Iceberg files are stored.

My Problem with this, that some content of this file is supposed to be secret to the users interacting with the nifi ui. However, as soon as a UI user knows this path, he can simply use ExecuteProcess Processor to retrieve those information. 

Is there any way to keep those information safe?

 

Reference:

149 Views
1 ACCEPTED SOLUTION

avatar
author-rank ckumar author-rank
Master Collaborator

Created ‎04-15-2024 06:08 AM

 

ExecuteProcessor is a restricted type of processor that prevents the user from using it and reading anything from the NiFi filesystem path. you can stop users from accessing processors that are restricted, Please refer to the following link to know more. 

https://community.cloudera.com/t5/Community-Articles/NiFi-Restricted-Components-Policy-Descriptions/...

View solution in original post

108 Views
2 REPLIES 2

avatar
author-rank ckumar author-rank
Master Collaborator

Created ‎04-15-2024 06:08 AM

 

ExecuteProcessor is a restricted type of processor that prevents the user from using it and reading anything from the NiFi filesystem path. you can stop users from accessing processors that are restricted, Please refer to the following link to know more. 

https://community.cloudera.com/t5/Community-Articles/NiFi-Restricted-Components-Policy-Descriptions/...

109 Views

avatar
author-rank Jim_Steinebrey
Explorer

Created ‎04-15-2024 07:33 PM

I agree with ckumar's point and there is one more thing you could do if it makes you feel safer.
You could put the HadoopConfigurationResources file path string into a sensitive parameter and refer to the that parameter (using #{paramname}) in the HiveCatalogService property.

90 Views
webinar banner
Announcements
Community Announcements
April 2024 Community Highlights
Community Announcements
January 2024 Community Highlights
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
View More Announcements
meetups banner