ADLSCredentialsControllerService 2.0.0

Bundle
org.apache.nifi | nifi-azure-nar
Description
Defines credentials for ADLS processors.
Tags
adls, azure, cloud, credentials, microsoft, storage
Input Requirement
Supports Sensitive Dynamic Properties
false
  • Additional Details for ADLSCredentialsControllerService 2.0.0

    ADLSCredentialsControllerService

    Security considerations of using Expression Language for sensitive properties

    Allowing Expression Language for a property has the advantage of configuring the property dynamically via FlowFile attributes or Variable Registry entries. In case of sensitive properties, it also has a drawback of exposing sensitive information like passwords, security keys or tokens. When the value of a sensitive property comes from a FlowFile attribute, it travels by the FlowFile in clear text form and is also saved in the provenance repository. Variable Registry does not support the encryption of sensitive information either. Due to these, the sensitive credential data can be exposed to unauthorized parties.

    Best practices for using Expression Language for sensitive properties:

    • use it only if necessary
    • control access to the flow and to provenance repository
    • encrypt disks storing FlowFiles and provenance data
    • if the sensitive data is a temporary token (like the SAS token), use a shorter lifetime and refresh the token periodically
Properties