Secret Upload

The DC/OS NiFi supports the uploading of Secrets. The service provides a process to upload a secrets file in all nodes of DC/OS NiFi inside any existing folder or by creating a new folder.

To upload a Secret file to a nifi node, create a secret with the ID nifi/config-secret in the DC/OS Secret Store. The value of the secret should be written in shell scripting format as given below (like adding the AWS credentials file) and then check the enable checkbox inside secrets tab while installing NiFi.

cat > file.properties << EOF 
[default]
accessKey = <ACCESS_KEY_ID>
secretKey = <SECRET_KEY_ID>
EOF

value of secret id created in secret store

Figure 1. - Secret value shown in Secret Store

Prerequisites

A secret with ID of nifi/config-secret stored in the DC/OS Secret Store.

Install the Service

Install the DC/OS NiFi service with the following attributes in addition to your own:

 {
 "service": {
   "name": "nifi"
 },
 "secrets": {
   "enable": true
 }
}

Or enable secrets while installing nifi via UI.

Figure 2. - DC/OS NiFi installation with secrets enabled

Figure 3. - Secret files in the nifi node

Figure 4. - Secret value in nifi node

Access file in DC/OS NiFi UI

You can access any file in the DC/OS NiFi UI, like the secret uploaded earlier in the above example. Use the base path /mnt/mesos/sandbox in addition to your file path:

/mnt/mesos/sandbox/<file_name>

Figure 5. - Accessing a secret file in DC/OS NiFi UI

DC/OS NiFi service secret upload

Prerequisites

Install the Service

Access file in DC/OS NiFi UI