Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Configure StandardSSLContextService with password from environment variable

Labels:
avatar
author-rank ConstantinPf
New Contributor

Created ‎01-13-2022 12:08 AM

Hello community, 

 

I would like to configure a StandardSSLContextService for kafka to read the password for the keystore from an environment variable. 

Sadly it is not possible to use the "Expression Language" for this sensitive property. 

Background: We are using an operator to provision kafka users. The operator generate a kubernetes secret with the keystore and keystore password. The kubernetes secret is mounted into the nifi container and can be referenced in the StandardSSLContextService. Currently we have to add the password for this keystore manually. But when the kafka user certificate expires and is rotated, the password of the keystore changes too. 
I am looking for a solution to read the password automatically, e.g. by setting it as environment variable in nifi. 

Any idea how I could achive this? Is there a mechanism I am missing?

Thank you a lot for your help,
Constantin 

943 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank ckumar author-rank
Master Collaborator

Created ‎01-13-2022 04:03 AM

To answer your question "is there a way to read a parameter from environment inside a parameter context?" No.

 

The way you want to manage password at runtime is not possible. 

View solution in original post

908 Views
3 REPLIES 3

avatar
author-rank ckumar author-rank
Master Collaborator

Created ‎01-13-2022 03:05 AM

It is not allowed to set processor password property configuration through environment variable  or variable registry. Only through parameter context values for passwords can be defined at processor group level in nifi. 

918 Views

avatar
author-rank ConstantinPf
New Contributor

Created ‎01-13-2022 03:58 AM

Thank you for the quick reply. 

As far as I see this does not solve my problem. I could create a "Parameter Context" but I would have to hardcode the password as parameter in the parameter context right? Or is there a way to read a parameter from environment inside a parameter context?

910 Views
0 Kudos

avatar
author-rank ckumar author-rank
Master Collaborator

Created ‎01-13-2022 04:03 AM

To answer your question "is there a way to read a parameter from environment inside a parameter context?" No.

 

The way you want to manage password at runtime is not possible. 

909 Views
webinar banner
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements
meetups banner