nifi-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kdo...@apache.org
Subject [nifi-registry] branch main updated: NIFIREG-427 Updated references to root key instead of master key in Admin Guide
Date Fri, 23 Oct 2020 19:58:30 GMT
This is an automated email from the ASF dual-hosted git repository.

kdoran pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi-registry.git


The following commit(s) were added to refs/heads/main by this push:
     new e6bff3d  NIFIREG-427 Updated references to root key instead of master key in Admin
Guide
e6bff3d is described below

commit e6bff3dc5929a17ce7da1acdb16ff82d7439dfbc
Author: Andrew Lim <andrewlim.apache@gmail.com>
AuthorDate: Fri Oct 23 15:52:31 2020 -0400

    NIFIREG-427 Updated references to root key instead of master key in Admin Guide
---
 .../src/main/asciidoc/administration-guide.adoc    | 40 +++++++++++-----------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/nifi-registry-core/nifi-registry-docs/src/main/asciidoc/administration-guide.adoc
b/nifi-registry-core/nifi-registry-docs/src/main/asciidoc/administration-guide.adoc
index 2510058..0276693 100644
--- a/nifi-registry-core/nifi-registry-docs/src/main/asciidoc/administration-guide.adoc
+++ b/nifi-registry-core/nifi-registry-docs/src/main/asciidoc/administration-guide.adoc
@@ -746,21 +746,21 @@ The `encrypt-config` command line tool can be used to encrypt NiFi Registry
conf
 
 You can use the following command line options with the `encrypt-config` tool:
 
- * `-h`,`--help`                                  Show usage information (this message)
- * `-v`,`--verbose`                               Enables verbose mode (off by default)
- * `-p`,`--password <password>`                   Protect the files using a password-derived
key. If an argument is not provided to this flag, interactive mode will be triggered to prompt
the user to enter the password.
- * `-k`,`--key <keyhex>`                          Protect the files using a raw hexadecimal
key. If an argument is not provided to this flag, interactive mode will be triggered to prompt
the user to enter the key.
- * `--oldPassword <password>`                     If the input files are already protected
using a password-derived key, this specifies the old password so that the files can be unprotected
before re-protecting.
- * `--oldKey <keyhex>`                            If the input files are already protected
using a key, this specifies the raw hexadecimal key so that the files can be unprotected before
re-protecting.
- * `-b`,`--bootstrapConf <file>`                  The _bootstrap.conf_ file containing
no master key or an existing master key. If a new password/key is specified and no output
bootstrap.conf file is specified, then this file will be overwritten to persist the new master
key.
- * `-B`,`--outputBootstrapConf <file>`            The destination _bootstrap.conf_
file to persist master key. If specified, the input _bootstrap.conf_ will not be modified.
- * `-r`,`--nifiRegistryProperties <file>`         The _nifi-registry.properties_ file
containing unprotected config values, overwritten if no output file specified.
- * `-R`,`--outputNifiRegistryProperties <file>`   The destination _nifi-registry.properties_
file containing protected config values.
- * `-a`,`--authorizersXml <file>`                 The _authorizers.xml_ file containing
unprotected config values, overwritten if no output file specified.
- * `-A`,`--outputAuthorizersXml <file>`           The destination _authorizers.xml_
file containing protected config values.
- * `-i`,`--identityProvidersXml <file>`           The _identity-providers.xml_ file
containing unprotected config values, overwritten if no output file specified.
- * `-I`,`--outputIdentityProvidersXml <file>`     The destination _identity-providers.xml_
file containing protected config values.
-
+* `-h`,`--help`                                 Show usage information (this message)
+* `-v`,`--verbose`                              Sets verbose mode (default false)
+* `-p`,`--password <password>`                  Protect the files using a password-derived
key. If an argument is not provided to this flag, interactive mode will be triggered to prompt
the user to enter the password.
+* `-k`,`--key <keyhex>`                         Protect the files using a raw hexadecimal
key. If an argument is not provided to this flag, interactive mode will be triggered to prompt
the user to enter the key.
+* `--oldPassword <password>`                    If the input files are already protected
using a password-derived key, this specifies the old password so that the files can be unprotected
before re-protecting.
+* `--oldKey <keyhex>`                           If the input files are already protected
using a key, this specifies the raw hexadecimal key so that the files can be unprotected before
re-protecting.
+* `-b`,`--bootstrapConf <file>`                 The _bootstrap.conf_ file containing
no root key or an existing root key. If a new password or key is specified (using `-p` or
`-k`) and no output _bootstrap.conf_ file is specified, then this file will be overwritten
to persist the new root key.
+* `-B`,`--outputBootstrapConf <file>`           The destination _bootstrap.conf_ file
to persist root key. If specified, the input _bootstrap.conf_ will not be modified.
+* `-r`,`--nifiRegistryProperties <file>`        The _nifi-registry.properties_ file
containing unprotected config values, overwritten if no output file specified.
+* `-R`,`--outputNifiRegistryProperties <file>`  The destination _nifi-registry.properties_
file containing protected config values.
+* `-a`,`--authorizersXml <file>`                The _authorizers.xml_ file containing
unprotected config values, overwritten if no output file specified.
+* `-A`,`--outputAuthorizersXml <file>`          The destination _authorizers.xml_ file
containing protected config values.
+* `-i`,`--identityProvidersXml <file>`          The _identity-providers.xml_ file containing
unprotected config values, overwritten if no output file specified.
+* `-I`,`--outputIdentityProvidersXml <file>`    The destination _identity-providers.xml_
file containing protected config values.
+* `--decrypt`                                   Can be used with `-r` to decrypt a previously
encrypted NiFi Registry Properties file. Decrypted content is printed to STDOUT.
 
 As an example of how the tool works, assume that you have installed the tool on a machine
supporting 256-bit encryption and with the following existing values in the _nifi-registry.properties_
file:
 
@@ -778,7 +778,7 @@ nifi.registry.security.truststorePasswd=
 Enter the following arguments when using the tool:
 
 ----
-./bin/encrypt-config.sh nifi-registry \
+./bin/encrypt-config.sh --nifiRegistry \
 -b bootstrap.conf \
 -k 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210 \
 -r nifi-registry.properties
@@ -819,7 +819,7 @@ When applied to _identity-providers.xml_ or _authorizers.xml_, the property
elem
 Additionally, the _bootstrap.conf_ file is updated with the encryption key as follows:
 
 ----
-# Master key in hexadecimal format for encrypted sensitive configuration values
+# Root key in hexadecimal format for encrypted sensitive configuration values
 nifi.registry.bootstrap.sensitive.key=0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
 ----
 
@@ -828,16 +828,16 @@ To encrypt additional properties, specify them as comma-separated values
in the
 
 
 If the _nifi-registry.properties_ file already has valid protected values and you wish to
protect additional values using the
-same master key already present in your _bootstrap.conf_, then run the tool without specifying
a new key:
+same root key already present in your _bootstrap.conf_, then run the tool without specifying
a new key:
 
 ----
-# bootstrap.conf already contains master key property
+# bootstrap.conf already contains root key property
 # nifi-registy.properties has been updated for nifi.registry.sensitive.props.additional.keys=...
 
 ./bin/encrypt-config.sh --nifiRegistry -b bootstrap.conf -r nifi-registry.properties
 ----
 
-[sensistive_property_key_migration]
+[sensitive_property_key_migration]
 === Sensitive Property Key Migration
 
 In order to change the key used to encrypt the sensitive values, provide the new key or password
using the `-k` or `-p` flags as usual,


Mime
View raw message