Details
Blocker Description
In NIFI-4942, new functionality was added to allow Ambari clients to perform the encrypted configuration migration without providing the original password or key by using a secure hash of the original credential to demonstrate knowledge of that value. The Ambari team found another way on their end to perform this action, and rather than allow the ./secure_hash.key behavior to be released and then removed at a later time, complicating our security posture and potentially creating difficult support cases, it is better to remove it completely before the 1.7.0 release.
However, it is not as simple as just backing out a few commits, as necessary refactoring of the tool code also occurred at that time. I will remove this feature while maintaining the improvements made to the toolkit.
Attachments
Issue Links
- supercedes
-
NIFI-5100 Toolkit encrypt-config.sh should expose an option to specify where to store secure_hash.key
-
- Resolved
-
- links to
