Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-3388 Provide encrypted repository implementations
  3. NIFI-6994

Handle flowfile repository encryption status change on startup

    XMLWordPrintableJSON

Details

    Description

      If the flowfile repository changes from encrypted -> unencrypted or vice-versa on startup, the application should handle the change.

      • Unencrypted -> encrypted: This is handled by default for SequentialAccessWriteAheadLog -> EncryptedSequentialAccessWriteAheadLog, but RocksDBFlowFileRepository and MinimalLockingWriteAheadLog are not yet covered.
      • Encrypted -> unencrypted: Detect encrypted flowfile records and change SerDeFactory logic to instantiate encrypted serde for decrypt during initial recovery only. This depends on the key(s) for the key IDs used still being available via nifi.properties.

      This process may be very slow given large existing repositories, so a standalone tool should also be made available to perform this process outside of the running app.

      Attachments

        Issue Links

          Activity

            People

              alopresto Andy LoPresto
              alopresto Andy LoPresto
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: