Support Questions
Find answers, ask questions, and share your expertise

Nifi Dynamic Sensitive Data

Explorer

Hi everyone,

I'm newbie to Nifi. I have already configured and build my test server. 

I have different DB connections in my NiFi. However, our DB connection passwords are dynamic in my company. Because we are using CyberArk security system, our DB user passwords are not constant. Our applications send a kind of query to cyberark system to fetch the password on the fly and use that password to connect to DBs. 

My question is how to do this on a NiFi system. Can we configure the sensitive data on the controllers dynamically?

1 REPLY 1

Master Guru

@Yemre 

 

The ability to dynamically fetch secrets/passwords form an external source is not something that exists currently. Doing so would require modification with the every component class that uses sensitive properties.

There is some progress in this path however:
https://issues.apache.org/jira/browse/NIFI-5481

 

This new feature handles pulling secrets from an external vault, but is a NiFi core level feature and does not extend in to individual flow component level.

I recommend raising an Apache NiFi Jira with your specific request. 
https://issues.apache.org/jira/projects/NIFI/

If you found this response assisted with your query, please take a moment to login and click on "Accept as Solution" below this post.

Thank you,

Matt