Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-3388 Provide encrypted repository implementations
  3. NIFI-6994

Handle flowfile repository encryption status change on startup

    XMLWordPrintableJSON

    Details

      Description

      If the flowfile repository changes from encrypted -> unencrypted or vice-versa on startup, the application should handle the change.

      • Unencrypted -> encrypted: This is handled by default for SequentialAccessWriteAheadLog -> EncryptedSequentialAccessWriteAheadLog, but RocksDBFlowFileRepository and MinimalLockingWriteAheadLog are not yet covered.
      • Encrypted -> unencrypted: Detect encrypted flowfile records and change SerDeFactory logic to instantiate encrypted serde for decrypt during initial recovery only. This depends on the key(s) for the key IDs used still being available via nifi.properties.

      This process may be very slow given large existing repositories, so a standalone tool should also be made available to perform this process outside of the running app.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                alopresto Andy LoPresto
                Reporter:
                alopresto Andy LoPresto
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: