Secret Upload

DC/OS NiFi service secret upload

The DC/OS NiFi service supports Secret upload. The service provides a process to upload a secrets file in all nodes of DC/OS NiFi inside any existing folder or by creating a new folder.

To upload a secret file in nifi node, create a secret with the ID nifi/config-secret in the DC/OS Secret Store. The value of the secret should be written in shell scripting format as given below (like adding the AWS credentials file) and then check the enable option inside secrets tab while installing NiFi.

cat > file.properties << EOF 
[default]
accessKey = <ACCESS_KEY_ID>
secretKey = <SECRET_KEY_ID>
EOF
value of secret id created in secret store

Figure 1. - Secret value shown in Secret Store

Prerequisites

Install the Service

Install the DC/OS NiFi service with the following attributes in addition to your own:

 {
 "service": {
   "name": "nifi"
 },
 "secrets": {
   "enable": true
 }
}

Or enable secrets through a web interface installation.

nifi installation with secrets enabled

Figure 2. - DC/OS NiFi installation with secrets enabled

secret file inside node

Figure 3. - Secret files in the nifi node

secret value in nifi node

Figure 4. - Secret value in nifi node

Access file in DC/OS NiFi web interface

You can access any file in the DC/OS NiFi web interface, like the secret uploaded earlier in the above example. Use the base path /mnt/mesos/sandbox in addition to your file path:

/mnt/mesos/sandbox/<file_name>
accessing secret file in nifi web interface

Figure 5. - Accessing a secret file in DC/OS NiFi web interface