Support Questions

Find answers, ask questions, and share your expertise

Nifi Credentials

Explorer

Nifi - Is there a way where credentials for sftp NIFI can be read from DB and used

3 ACCEPTED SOLUTIONS

Super Collaborator

Yes. Have you ever used expression language to set\get flowfile attributes and use them as parameters for other processors? For example Username and Password on the GetSFTP can be set as follows :

Username: ${my.sftp.db.username}

Password: ${my.sftp.db.password}

 

Both (my.sftp.db.username, my.sftp.db.password) are set once you get this info from DB. For example if use ExecuteSQLRecrod processor where the "SQL Select Query" is set to something like: select username, password from myCredentialTable

Assuming you use JsonWriter to output the data in Json format like:

{

   "username": "...",

   password: "..."

}

Then you can use EvaluateJsonPath to set the attributes by adding dynamic properties to this processor as follows:

 

SAMSAL_0-1673980877061.png

 

Hope that helps. If it does, please accept solution

 

View solution in original post

Master Guru

@hkh The only downside to this dynamic approach is that the passwords are in plaintext as attributes on the FlowFile.  This means that these passwords could be read by users who are authorized to access your NiFi through listing of FlowFiles on a queued connection or through running a provenance query on a processor in that flow and inspecting the returned results.

I have no alternative solution to offer, but wanted you to be aware of downside of adding sensitive values to FlowFile attributes.

Thanks,

Matt

View solution in original post

Explorer
6 REPLIES 6

Super Collaborator

Hi,

 

You can read data from DB using processors like ExecuteSQL or ExecuteSQLRecord. The result can be parsed into flowfile attributes which you can use later to set the credential in the SFPT nifi processor using expression language.

Explorer

Can SFTP creds be dynamic?

Super Collaborator

Yes. Have you ever used expression language to set\get flowfile attributes and use them as parameters for other processors? For example Username and Password on the GetSFTP can be set as follows :

Username: ${my.sftp.db.username}

Password: ${my.sftp.db.password}

 

Both (my.sftp.db.username, my.sftp.db.password) are set once you get this info from DB. For example if use ExecuteSQLRecrod processor where the "SQL Select Query" is set to something like: select username, password from myCredentialTable

Assuming you use JsonWriter to output the data in Json format like:

{

   "username": "...",

   password: "..."

}

Then you can use EvaluateJsonPath to set the attributes by adding dynamic properties to this processor as follows:

 

SAMSAL_0-1673980877061.png

 

Hope that helps. If it does, please accept solution

 

Explorer

Thank you. I will try out the suggested approach.

Master Guru

@hkh The only downside to this dynamic approach is that the passwords are in plaintext as attributes on the FlowFile.  This means that these passwords could be read by users who are authorized to access your NiFi through listing of FlowFiles on a queued connection or through running a provenance query on a processor in that flow and inspecting the returned results.

I have no alternative solution to offer, but wanted you to be aware of downside of adding sensitive values to FlowFile attributes.

Thanks,

Matt

Explorer

Thank you Matt.