Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

How can NiFi integrate with hashicorp vault to store sensitive information

Labels:
avatar
author-rank Umakanth
Explorer

Created on ‎02-13-2020 03:04 AM - last edited on ‎02-13-2020 03:09 AM by Community Manager Community Manager

We want to store our sensitive information such as passwords, private keys in Vault and retrieve it from Vault on need basis, kindly share your inputs which is much needed.

3,435 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank MattWho author-rank
Super Mentor

Created ‎02-13-2020 05:31 AM

@Umakanth 

 

NiFi components (Processors, controller services, reporting tasks, etc.) that have password properties do not support retrieving these passwords from an external source or service.  NiFi not only obscures the passwords in the UI, but also encrypts all those passwords when they are written to disk in the flow.xml.gz.  Additionally, for passwords entered in the various NiFi configuration files, NiFi offers and encrypt config toolkit that can encrypt all these sensitive properties in these configuration files on disk.

 

I suggest maybe opening an Apache NiFi Jira with details around what you are trying to accomplish here for a possible future feature.
- For passwords utilized through NiFi dataflow components, my thought here would be maybe around a NiFi controller service for connecting to such external services.  This would also require that processors that would need to use this new NiFi Controller Service to retrieve passwords would all need to be modified as well with new configuration properties to interface with the new controller service.   This is by no means a simple change in NiFi, but getting the idea out there with some strong use case for it can get the ball rolling in the community.

 

Hope this helps,

Matt

View solution in original post

3,422 Views
2 REPLIES 2

avatar
author-rank MattWho author-rank
Super Mentor

Created ‎02-13-2020 05:31 AM

@Umakanth 

 

NiFi components (Processors, controller services, reporting tasks, etc.) that have password properties do not support retrieving these passwords from an external source or service.  NiFi not only obscures the passwords in the UI, but also encrypts all those passwords when they are written to disk in the flow.xml.gz.  Additionally, for passwords entered in the various NiFi configuration files, NiFi offers and encrypt config toolkit that can encrypt all these sensitive properties in these configuration files on disk.

 

I suggest maybe opening an Apache NiFi Jira with details around what you are trying to accomplish here for a possible future feature.
- For passwords utilized through NiFi dataflow components, my thought here would be maybe around a NiFi controller service for connecting to such external services.  This would also require that processors that would need to use this new NiFi Controller Service to retrieve passwords would all need to be modified as well with new configuration properties to interface with the new controller service.   This is by no means a simple change in NiFi, but getting the idea out there with some strong use case for it can get the ball rolling in the community.

 

Hope this helps,

Matt

3,423 Views

avatar
author-rank Umakanth
Explorer

Created on ‎02-13-2020 05:52 AM - edited ‎02-13-2020 05:52 AM

Thank you for sharing your thoughts around this integration, it really really helps.

I will try to do a POC based out of your suggestion

3,417 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements