Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Configure StandardSSLContextService with password from environment variable

Labels:
avatar
author-rank ConstantinPf
New Contributor

Created ‎01-13-2022 12:08 AM

Hello community, 

 

I would like to configure a StandardSSLContextService for kafka to read the password for the keystore from an environment variable. 

Sadly it is not possible to use the "Expression Language" for this sensitive property. 

Background: We are using an operator to provision kafka users. The operator generate a kubernetes secret with the keystore and keystore password. The kubernetes secret is mounted into the nifi container and can be referenced in the StandardSSLContextService. Currently we have to add the password for this keystore manually. But when the kafka user certificate expires and is rotated, the password of the keystore changes too. 
I am looking for a solution to read the password automatically, e.g. by setting it as environment variable in nifi. 

Any idea how I could achive this? Is there a mechanism I am missing?

Thank you a lot for your help,
Constantin 

1,530 Views
0 Kudos
0
1 ACCEPTED SOLUTION

avatar
author-rank ckumar author-rank
Master Collaborator

Created ‎01-13-2022 04:03 AM

To answer your question "is there a way to read a parameter from environment inside a parameter context?" No.

 

The way you want to manage password at runtime is not possible. 

View solution in original post

1,495 Views
0
3 REPLIES 3

avatar
author-rank ckumar author-rank
Master Collaborator

Created ‎01-13-2022 03:05 AM

It is not allowed to set processor password property configuration through environment variable  or variable registry. Only through parameter context values for passwords can be defined at processor group level in nifi. 

1,505 Views

avatar
author-rank ConstantinPf
New Contributor

Created ‎01-13-2022 03:58 AM

Thank you for the quick reply. 

As far as I see this does not solve my problem. I could create a "Parameter Context" but I would have to hardcode the password as parameter in the parameter context right? Or is there a way to read a parameter from environment inside a parameter context?

1,497 Views
0 Kudos

avatar
author-rank ckumar author-rank
Master Collaborator

Created ‎01-13-2022 04:03 AM

To answer your question "is there a way to read a parameter from environment inside a parameter context?" No.

 

The way you want to manage password at runtime is not possible. 

1,496 Views
0
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements