Created on 04-10-2024 11:49 PM - edited 04-10-2024 11:54 PM
I use the PutIcebergProcessor to write data to my data lake. Therefore I need to specify a HiveCatalogService. This Service needs HadoopConfigurationResources. This parameter is a path to an xml file containing the credentials to the S3 where the Iceberg files are stored.
My Problem with this, that some content of this file is supposed to be secret to the users interacting with the nifi ui. However, as soon as a UI user knows this path, he can simply use ExecuteProcess Processor to retrieve those information.
Is there any way to keep those information safe?
Reference:
Created 04-15-2024 06:08 AM
ExecuteProcessor is a restricted type of processor that prevents the user from using it and reading anything from the NiFi filesystem path. you can stop users from accessing processors that are restricted, Please refer to the following link to know more.
Created 04-15-2024 06:08 AM
ExecuteProcessor is a restricted type of processor that prevents the user from using it and reading anything from the NiFi filesystem path. you can stop users from accessing processors that are restricted, Please refer to the following link to know more.
Created 04-15-2024 07:33 PM
I agree with ckumar's point and there is one more thing you could do if it makes you feel safer.
You could put the HadoopConfigurationResources file path string into a sensitive parameter and refer to the that parameter (using #{paramname}) in the HiveCatalogService property.