As a flexible system for processing data to and from a variety of services, Apache NiFi provides a powerful set of capabilities. Configuration integrity and access security are essential framework features.
Recent Apache NiFi releases have included a number of security-oriented improvements, ranging from automated HTTPS configuration to externalization of sensitive application properties. This presentation covers the implementation details involved with automatic certificate generation, password-based key derivation, JSON Web Token signing, repository encryption, and sensitive property management using external services.
Through a combination of relevant code samples and capability demonstrations, this presentation describes framework security advances that involve both user interaction and application configuration.
Providing a basic summary of selected cryptographic algorithm differences, along with code changes, will enable participants to understand the impact of various improvements. Walking through new and improved configuration capabilities allows administrators to optimize deployment security. Highlighting key implementation details encourages software developers to review and incorporate applicable security strategies.