The EncryptContent processor does not record in/alongside the flowfile content the necessary encryption metadata to decrypt the data later. This information must be manually recorded and synchronized throughout the system, which is dangerous. Similar to the EncryptedWriteAheadProvenanceRepository implementation, the necessary encryption metadata (algorithm, key ID/other reference, encryption operation, KDF, version, etc.) should be recorded as attributes on the child flowfile.
The processor should also be updated to allow for dynamic recognition of incoming flowfiles with encryption metadata and not to require hardcoded values for certain configuration fields in that case.