• Home
• org.apache.nifi
• nifi-azure-processors
• 2.1.0
• source code
• additionalDetails.md

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

docs.org.apache.nifi.services.azure.storage.ADLSCredentialsControllerService.additionalDetails.md Maven / Gradle / Ivy

# ADLSCredentialsControllerService

### Security considerations of using Expression Language for sensitive properties

Allowing Expression Language for a property has the advantage of configuring the property dynamically via FlowFile
attributes or Variable Registry entries. In case of sensitive properties, it also has a drawback of exposing sensitive
information like passwords, security keys or tokens. When the value of a sensitive property comes from a FlowFile
attribute, it travels by the FlowFile in clear text form and is also saved in the provenance repository. Variable
Registry does not support the encryption of sensitive information either. Due to these, the sensitive credential data
can be exposed to unauthorized parties.

Best practices for using Expression Language for sensitive properties:

* use it only if necessary
* control access to the flow and to provenance repository
* encrypt disks storing FlowFiles and provenance data
* if the sensitive data is a temporary token (like the SAS token), use a shorter lifetime and refresh the token
  periodically