Cloudera Community
TechStream
user rank
Visitor

Re: NiFi 2.8.0 Support for Retrieving Passwords fr...

by Visitor in Support Questions
‎06-05-2026 04:17 AM
‎06-05-2026 04:17 AM
Hi @RAGHUY , Thank you for the information. I have already implemented the HASHICORP_VAULT_KV Sensitive Property Provider configuration as described: Configured bootstrap-hashicorp-vault.conf Added nifi.bootstrap.protection.hashicorp.vault.conf in bootstrap.conf Stored the SSL passwords in Vault KV Used the encrypt-config toolkit (1.27) with the HASHICORP_VAULT_KV protection scheme to replace the plaintext values in nifi.properties However, NiFi is still failing to start. The bootstrap process appears to resolve the secret reference, but when the server initializes, I get the following error: ERROR [main] org.apache.nifi.web.server.JettyServer Failed to start Server org.apache.nifi.security.ssl.BuilderConfigurationException: Key Store loading failed Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect Caused by: java.security.UnrecoverableKeyException: Password verification failed This suggests that the password being used to load the keystore is either not being resolved correctly from Vault or does not match the actual keystore password. To verify the Vault secret itself, I manually retrieved the password from Vault and used it with the keystore, and it appears to be correct. Have you encountered this issue before with the HASHICORP_VAULT_KV protection scheme? Is there a recommended way to verify what value NiFi is resolving from Vault during bootstrap, or any known issues related to keystore/truststore password resolution in NiFi 2.8.0? Thank you. ... View more

NiFi 2.8.0 Support for Retrieving Passwords from H...

by Visitor in Support Questions
‎06-04-2026 10:37 PM
‎06-04-2026 10:37 PM
Hi Team, I am exploring secret management options in Apache NiFi 2.8.0 and would like to understand whether NiFi supports retrieving passwords directly from HashiCorp Vault KV during startup. My use case is to store the following properties in Vault KV rather than in nifi.properties: - nifi.security.keystorePasswd - nifi.security.keyPasswd - nifi.security.truststorePasswd The objective is to avoid storing these sensitive values in plain text on the NiFi host while still allowing NiFi to access them during the bootstrap/startup process. I am specifically interested in startup configuration properties that are required before the application is fully initialized. Has anyone successfully configured NiFi 2.8.0 to retrieve these passwords directly from HashiCorp Vault KV during startup? If so, are there any recommended approaches, examples, or best practices for this use case? Any guidance would be appreciated. Thank you. ... View more
Labels:
Contact Me
Online
Offline
Last Visited
‎06-05-2026 04:59 AM
Community Statistics
Member Since ‎06-04-2026 09:59 PM
Last Visited ‎06-05-2026 04:59 AM
Posts 2