Support Questions

DianaTorres · ‎01-16-2023

Nifi - Is there a way where credentials for sftp NIFI can be read from DB and used

SAMSAL · ‎01-17-2023

Yes. Have you ever used expression language to set\get flowfile attributes and use them as parameters for other processors? For example Username and Password on the GetSFTP can be set as follows :

Username: ${my.sftp.db.username}

Password: ${my.sftp.db.password}

Both (my.sftp.db.username, my.sftp.db.password) are set once you get this info from DB. For example if use ExecuteSQLRecrod processor where the "SQL Select Query" is set to something like: select username, password from myCredentialTable

Assuming you use JsonWriter to output the data in Json format like:

{

"username": "...",

password: "..."

}

Then you can use EvaluateJsonPath to set the attributes by adding dynamic properties to this processor as follows:

Hope that helps. If it does, please accept solution

View solution in original post

MattWho · ‎01-17-2023

@hkh The only downside to this dynamic approach is that the passwords are in plaintext as attributes on the FlowFile. This means that these passwords could be read by users who are authorized to access your NiFi through listing of FlowFiles on a queued connection or through running a provenance query on a processor in that flow and inspecting the returned results.

I have no alternative solution to offer, but wanted you to be aware of downside of adding sensitive values to FlowFile attributes.

Thanks,

Matt

View solution in original post

hkh · ‎01-18-2023

Thank you Matt.

View solution in original post

SAMSAL · ‎01-16-2023

Hi,

You can read data from DB using processors like ExecuteSQL or ExecuteSQLRecord. The result can be parsed into flowfile attributes which you can use later to set the credential in the SFPT nifi processor using expression language.

hkh · ‎01-17-2023

Can SFTP creds be dynamic?

SAMSAL · ‎01-17-2023

Yes. Have you ever used expression language to set\get flowfile attributes and use them as parameters for other processors? For example Username and Password on the GetSFTP can be set as follows :

Username: ${my.sftp.db.username}

Password: ${my.sftp.db.password}

Both (my.sftp.db.username, my.sftp.db.password) are set once you get this info from DB. For example if use ExecuteSQLRecrod processor where the "SQL Select Query" is set to something like: select username, password from myCredentialTable

Assuming you use JsonWriter to output the data in Json format like:

{

"username": "...",

password: "..."

}

Then you can use EvaluateJsonPath to set the attributes by adding dynamic properties to this processor as follows:

Hope that helps. If it does, please accept solution

hkh · ‎01-17-2023

Thank you. I will try out the suggested approach.

MattWho · ‎01-17-2023

@hkh The only downside to this dynamic approach is that the passwords are in plaintext as attributes on the FlowFile. This means that these passwords could be read by users who are authorized to access your NiFi through listing of FlowFiles on a queued connection or through running a provenance query on a processor in that flow and inspecting the returned results.

I have no alternative solution to offer, but wanted you to be aware of downside of adding sensitive values to FlowFile attributes.

Thanks,

Matt

hkh · ‎01-18-2023

Thank you Matt.

Cloudera Community

Support Questions

Nifi Credentials