Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Hello! How I can save password (in secure variables/properties ) for DBCPConnectionPool / Processor ?

Highlighted

Hello! How I can save password (in secure variables/properties ) for DBCPConnectionPool / Processor ?

Contributor

This is need for correct working in two environment dev and prod for example.

Nifi 1.5

3 REPLIES 3

Re: Hello! How I can save password (in secure variables/properties ) for DBCPConnectionPool / Processor ?

The recommended approach would be to use NiFi Registry to promote your flow between Dev and Prod.

When using NiFi Registry you should not need to use a variable for sensitive properties, you enter the value as normal in Dev, then save to registry which removes the values, then import to prod and enter the prod password one time. After that, the value in each environment will be retained across upgrades, for example if you go back to dev and make a change and save a new version to registry, then upgrade the flow in prod, you won't have to enter the prod password again.

Re: Hello! How I can save password (in secure variables/properties ) for DBCPConnectionPool / Processor ?

Contributor

Thank you!

But what to do with processor , for example FetchFTP , after import change (version control) from DEV to PROD property: Password "No value set"

Can add pasword to variables (on processor group), but this is not secured.

Re: Hello! How I can save password (in secure variables/properties ) for DBCPConnectionPool / Processor ?

New Contributor

Did you find a solution? 

It makes sense to put a protected password field on a single processor (or controller service). The password won't be passed as an attribute along the flow.

 

It does not make sense to put a (protected) password into a flow attribute, because the password will be exposed.

 

So just make sure that your nifi/-registry is secure. Make sure that the FTP user has limit capabilities.