Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

sensitive value access key, secret key and password not showing after importing from NiFi Registry

avatar

Hi Team,

am trying to import template  from NiFi registry, when imported template is not showing access key, secret key and password??

i wanted to know is there any solution for store sensitive value in cluster when we import template from Nifi registry it show value? 

is there any solution for that??

 

Thanks,

Anil

5 REPLIES 5

avatar
Super Guru

@Former Member 

 

The solution is to use variables (in older versions (<= 1.9 and on) and parameters (1.10 and on).

 

 

avatar

Thanks @stevenmatison  how and where use variables in Nifi please explain me in steps??

i'm using NiFi version 1.9 suggest me!!

 

Thanks,

 Anil

avatar
Super Guru

@Former Member here is an article that explains how to use variables:

 

https://community.cloudera.com/t5/Community-Articles/Introduction-into-Process-Group-Variables/ta-p/247625

 

You should create important variables at the main root canvas level for all your NiFi environments.  Then access these variables within your NiFi Registry controlled process groups via variable syntax: ${variableName}.   Then when you import that to another environment the variables already exist and the flow works after importing.

 

 

avatar

@stevenmatison  thanks, i tried solution but it's not working for sensitive value again,

when committing template to nifi registry then importing same template remaining variables showing values but sensitive value is not set.

@stevenmatison you have any other solution for sensitive value?

 

once again thanks @stevenmatison  for quick replay.

avatar
Super Guru

@Former Member I think you misunderstood the Variable Scoping.   All sensitive values in templates and registry controlled process groups do not migrate to the new instance.    These sensitive values should be set at the Root NiFi Canvas level per environment.  Then when you import a template, or in your case, a version controlled process group, the values are already set per environment.

 

For example:  Let's say we have 3 environments: dev, staging, and prod.   Each host has its own "database" host with different database tables, users and passwords.   I want all 3 environments to run a single flow with NiFi Registry Version Control.   I create the flows database controller services using ${host}, ${user}, ${pass}, ${database}, etc.  Now in each environment, at the root level,  I define each variable.    Since the sensitive value is defined at a higher Variable Scoping level (root canvas level or other higher level) it will be available to any template or version controlled process group at any lower Variable Scoping level.