Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

securing secrets when using Nifi PutIceberg Processor

avatar
author-rank jnk32
New Contributor

Created on ‎04-10-2024 11:49 PM - edited ‎04-10-2024 11:54 PM

I use the PutIcebergProcessor to write data to my data lake. Therefore I need to specify a HiveCatalogService. This Service needs HadoopConfigurationResources. This parameter is a path to an xml file containing the credentials to the S3 where the Iceberg files are stored.

My Problem with this, that some content of this file is supposed to be secret to the users interacting with the nifi ui. However, as soon as a UI user knows this path, he can simply use ExecuteProcess Processor to retrieve those information. 

Is there any way to keep those information safe?

 

Reference:

980 Views
0
1 ACCEPTED SOLUTION

avatar
author-rank ckumar author-rank
Master Collaborator

Created ‎04-15-2024 06:08 AM

 

ExecuteProcessor is a restricted type of processor that prevents the user from using it and reading anything from the NiFi filesystem path. you can stop users from accessing processors that are restricted, Please refer to the following link to know more. 

https://community.cloudera.com/t5/Community-Articles/NiFi-Restricted-Components-Policy-Descriptions/...

View solution in original post

939 Views
0
2 REPLIES 2

avatar
author-rank ckumar author-rank
Master Collaborator

Created ‎04-15-2024 06:08 AM

 

ExecuteProcessor is a restricted type of processor that prevents the user from using it and reading anything from the NiFi filesystem path. you can stop users from accessing processors that are restricted, Please refer to the following link to know more. 

https://community.cloudera.com/t5/Community-Articles/NiFi-Restricted-Components-Policy-Descriptions/...

940 Views
0

avatar
author-rank Jim_Steinebrey
Explorer

Created ‎04-15-2024 07:33 PM

I agree with ckumar's point and there is one more thing you could do if it makes you feel safer.
You could put the HadoopConfigurationResources file path string into a sensitive parameter and refer to the that parameter (using #{paramname}) in the HiveCatalogService property.

921 Views
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements