Azure Key Vault Secret Provider

This protection scheme uses secrets managed by Azure Key Vault Secrets (https://docs.microsoft.com/en-us/azure/key-vault/secrets/about-secrets) for storing and retrieving protected properties.

Azure Key Vault configuration properties can be stored in the bootstrap-azure.conf file, as referenced in the bootstrap.conf of NiFi or NiFi Registry. The provider uses DefaultAzureCredential (https://docs.microsoft.com/en-us/java/api/com.azure.identity.defaultazurecredential) for authentication. The Azure Identity client library (https://docs.microsoft.com/en-us/java/api/overview/azure/identity-readme#key-concepts) describes the credential resolution process, which checks environment variables and system properties and falls back to Managed Identity (https://docs.microsoft.com/en-us/java/api/overview/azure/identity-readme#managed-identity-support) authentication.

Names of secrets stored in Azure Key Vault support alphanumeric and dash characters, but do not support characters such as / (slash) or . (period). For this reason, NiFi replaces these characters with - when storing and retrieving secrets. The following table provides an example property name mapping:

Property Context    Property Name                   Secret Name
default             nifi.security.keystorePasswd    default-nifi-security-keystorePasswd
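As an added illustration of the name mapping described above (example code, not NiFi's own implementation), the following Python derives the Key Vault secret name for a property context and property name, and reports property names that would collapse onto the same secret after replacement, which is the practical risk of this scheme. It assumes that every character outside letters, digits and dashes is replaced (the text names only / and .), and it assumes the 127-character Key Vault object-name limit.

```python
from __future__ import annotations

import re

# Azure Key Vault secret names may contain only ASCII letters, digits and dashes.
_UNSUPPORTED = re.compile(r"[^0-9A-Za-z-]")
# Key Vault object-name length limit (assumed for this example; verify against Azure docs).
_MAX_SECRET_NAME_LENGTH = 127


def secret_name(context: str, property_name: str) -> str:
    """Map a NiFi property context and property name to a Key Vault secret name.

    The context and property name are joined with '-', then every character
    outside [0-9A-Za-z-] (such as '.' or '/') is replaced with '-'.  Replacing
    all unsupported characters, not only '.' and '/', is an assumption here.
    """
    name = _UNSUPPORTED.sub("-", f"{context}-{property_name}")
    if len(name) > _MAX_SECRET_NAME_LENGTH:
        raise ValueError(f"secret name too long ({len(name)} characters): {name}")
    return name


def mapping_collisions(context: str, property_names: list[str]) -> dict[str, list[str]]:
    """Return secret names that more than one property in the context maps to.

    Because '.', '/' and '-' all become '-', distinct property names can share
    one secret name; a collision means one property's value silently overwrites
    another's in the vault, so it is worth checking before enabling the provider.
    """
    by_secret: dict[str, list[str]] = {}
    for prop in property_names:
        by_secret.setdefault(secret_name(context, prop), []).append(prop)
    return {name: props for name, props in by_secret.items() if len(props) > 1}


if __name__ == "__main__":
    # Constructed sample: the page's example plus a deliberately colliding name.
    sample = ["nifi.security.keystorePasswd", "nifi-security-keystorePasswd", "nifi.security.keyPasswd"]
    for prop in sample:
        print(f"{prop} -> {secret_name('default', prop)}")
    print("collisions:", mapping_collisions("default", sample))
```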