Details
Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Description
NiFi introduced initial support for provenance repository encryption in version 1.2.0 and expanded support to the other repositories in versions 1.10.0 and 1.11.0. NiFi 1.15.0 refactored repository encryption support but retained the same fundamental implementation strategy.
The initial implementation supported AES with configurable key sizes, using AES-CTR for the content repository and AES-GCM for the FlowFile and provenance repositories. Although the underlying algorithms are sound, the implementation itself has several fundamental issues: it uses Java Object serialization for metadata storage, it stores the encryption key on the same file system, and it does not account for the limits on how many operations a single AES key can safely perform.
The current implementation mitigates some of the known risks of Java Object serialization, but the coupling of the persisted metadata format to Java class names and structures is inherent in Java Object serialization and cannot be mitigated away.
Storing the encryption key on the file system alongside the data it protects provides limited security, since an attacker who can read the repositories can generally read the key as well, and it raises questions about the overall threat model for repository encryption.
AES modes limit how many encryption operations can safely be performed under one key: reusing a nonce (GCM) or counter block (CTR) with the same key compromises confidentiality, and for GCM also authenticity, and with randomly generated nonces the probability of such reuse grows with the number of operations. Although manual key rotation is possible in the current setup, it is neither required nor enforced, which presents further security concerns.
Given these implementation issues, the repository encryption components should be removed from the main branch. Any future implementation should begin with key storage solutions, similar to the concerns surrounding encryption of application properties.
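As an added illustration of the key-reuse limit described above (example code written for this note, not NiFi's own repository encryption code), the following Go program uses the standard library's AES-GCM. It first shows the failure mode: sealing two messages under the same key and nonce leaks the XOR of their plaintexts, so an attacker who knows one plaintext recovers the other without the key. It then wraps the AEAD in a counter that refuses further encryptions once a per-key budget is spent, which is the check a layer relying on random nonces needs if nothing else forces rotation. The KeyUseLimiter type, its default budget of 2^32 operations (the NIST SP 800-38D cap for randomly generated 96-bit GCM nonces), and the sample metadata strings are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// GCMRandomNonceLimit is the NIST SP 800-38D cap on AES-GCM invocations
// under one key when 96-bit nonces are generated at random.
const GCMRandomNonceLimit uint64 = 1 << 32

// ErrKeyExhausted signals that the per-key budget is spent and the caller
// must rotate to a fresh key before encrypting anything else.
var ErrKeyExhausted = errors.New("aes-gcm key exhausted: rotate key")

// xorBytes returns a XOR b for two equal-length slices.
func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// RecoverUnderNonceReuse demonstrates the failure mode: two plaintexts sealed
// under the same key and nonce are XORed with the same keystream, so
// c1 XOR c2 == p1 XOR p2, and knowledge of p1 yields p2 without the key.
// It returns the bytes of p2 recovered this way (up to the shorter length).
func RecoverUnderNonceReuse(key, nonce, p1, p2 []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	c1 := gcm.Seal(nil, nonce, p1, nil) // ciphertext || 16-byte tag
	c2 := gcm.Seal(nil, nonce, p2, nil)
	n := len(p1)
	if len(p2) < n {
		n = len(p2)
	}
	// Only the CTR-encrypted prefix matters here; the tags are ignored.
	return xorBytes(xorBytes(c1[:n], c2[:n]), p1[:n]), nil
}

// KeyUseLimiter wraps AES-GCM and enforces an operation budget per key
// (hypothetical type for this example).
type KeyUseLimiter struct {
	aead  cipher.AEAD
	used  uint64
	limit uint64
}

// NewKeyUseLimiter builds a limiter for key; limit 0 selects the NIST cap.
func NewKeyUseLimiter(key []byte, limit uint64) (*KeyUseLimiter, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if limit == 0 {
		limit = GCMRandomNonceLimit
	}
	return &KeyUseLimiter{aead: gcm, limit: limit}, nil
}

// Seal encrypts with a fresh random nonce and returns nonce || ciphertext || tag,
// or ErrKeyExhausted once the budget is spent.
func (k *KeyUseLimiter) Seal(plaintext []byte) ([]byte, error) {
	if k.used >= k.limit {
		return nil, ErrKeyExhausted
	}
	nonce := make([]byte, k.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	k.used++
	return k.aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Open decrypts a message produced by Seal.
func (k *KeyUseLimiter) Open(msg []byte) ([]byte, error) {
	ns := k.aead.NonceSize()
	if len(msg) < ns {
		return nil, errors.New("message shorter than nonce")
	}
	return k.aead.Open(nil, msg[:ns], msg[ns:], nil)
}

func main() {
	key := make([]byte, 32) // AES-256 key, generated for the demo
	nonce := make([]byte, 12)
	rand.Read(key)
	rand.Read(nonce)
	// Constructed sample records standing in for FlowFile metadata.
	p1 := []byte("filename=a.txt;path=/in")
	p2 := []byte("filename=b.txt;path=/in")
	rec, _ := RecoverUnderNonceReuse(key, nonce, p1, p2)
	fmt.Printf("recovered without the key: %q\n", rec)

	lim, _ := NewKeyUseLimiter(key, 2) // tiny budget to show the refusal
	for i := 1; i <= 3; i++ {
		_, err := lim.Seal(p1)
		fmt.Printf("seal #%d: err=%v\n", i, err)
	}
}
```

A real deployment would persist the operation count with the key material and rotate well before the cap, since a counter held only in memory resets on restart; the limiter here is only meant to make the missing check concrete.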