question Re: Nifi not able to load available buckets in nifi registry in Support Questions https://community.cloudera.com/t5/Support-Questions/Nifi-not-able-to-load-available-buckets-in-nifi-registry/m-p/330325#M230645 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/93216">@Yemre</a>&nbsp;<BR /><BR />Authorizing your user is not enough.<BR />The NiFi nodes themselves need to be able to successfully authenticate via a mutual TLS handshake with the target NiFi-Registry.&nbsp; Those nodes then need to be authorized to read all buckets and given read/write to proxy user requests.<BR /><BR />When a User authenticates in to NiFi, that user entity is authorized to perfrom actions based on authorizations in NiFi. When it comes to NiFi then talking to NiFi-Registry, The NiFi node is proxying request to the NiFi-Registry on behalf of the user authenticated into NiFi.<BR /><BR />Also background threads in NiFi just like the NiFi processors added to the canvas are not executing as the user authenticated in to NiFi.&nbsp; So in the background NiFi connects to NiFi-Registry to check on current version controlled process groups to see of newer versions exist.<BR /><BR />While you are granting your NiFi nodes the ability to read all buckets, the NiFi users should be given read and write authorizations to the specific buckets that that user is going to sue to version control their Process Group.<BR /><BR /></P><P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/93216">@Yemre</a>&nbsp;</P><P>&nbsp;</P><P>The ability to dynamically fetch secrets/passwords form an external source is not something that exists currently. Doing so would require modification with the every component class that uses sensitive properties.<BR /><BR />There is some progress in this path however:<BR /><A href="https://issues.apache.org/jira/browse/NIFI-5481" target="_blank">https://issues.apache.org/jira/browse/NIFI-5481</A></P><P>&nbsp;</P><P>This new feature handles pulling secrets from an external vault, but is a NiFi core level feature and does not extend in to individual flow component level.<BR /><BR />I recommend raising an Apache NiFi Jira with your specific request.&nbsp;<BR /><A href="https://issues.apache.org/jira/projects/NIFI/" target="_blank">https://issues.apache.org/jira/projects/NIFI/</A><BR /><BR /></P><P>If you found this response assisted with your query, please take a moment to login and click on "<STRONG>Accept as Solution</STRONG>" below this post.<BR /><BR />Thank you,</P><P>Matt</P> Tue, 16 Nov 2021 14:20:36 GMT MattWho 2021-11-16T14:20:36Z