Phil, The section of the post describing setting the sensitive properties algorithm includes an example toolkit command that can be used to change the sensitive properties algorithm:
https://exceptionfactory.com/posts/2021/07/29/deciphering-apache-nifi-component-property-encryption/#setting-the-sensitive-properties-algorithm When upgrading from a previous version of NiFi, you need to start with the previous default value for the algorithm specified in nifi.properties: nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL With that value, you should be able to run the set-sensitive-properties-key command. If you want to change the algorithm to the new default of NIFI_PBKDF2_AES_GCM_256, then you can use the encrypt-config.sh toolkit command described. Regards, David Handermann On Tue, Dec 21, 2021 at 4:43 PM Joe Witt <[email protected]> wrote: > Phil > > Not sure if this helps but DavidH wrote this > > https://exceptionfactory.com/posts/2021/07/29/deciphering-apache-nifi-component-property-encryption/#mandatory-sensitive-properties-key > > Thanks > > On Tue, Dec 21, 2021 at 3:38 PM Phil H <[email protected]> wrote: > > > > Hi there, > > > > I am in the process of trying to upgrade from 13.2 to 15.1. I did not > have > > a sensitive props key set previously. Based on the upgrade guide, I ran > > > > nifi.sh set-sensitive-properties-key APassword > > > > When I ran nifi, it was complaining about a lack of specified algorithm. > I > > ran up a new installation of 15.1 on another machine which automatically > > specified an algorithm of NIFI_PBKDF2_AES_GCM_256. I copied this value to > > my existing install’s nifi.properties. > > > > When I run nifi now, it halts with a javax.crypto.AEADBadTagException: > mac > > check in GCM failed > > > > If I try the same set-sensitive-properties-key command again, it now > fails > > with the same ‘GCM failed’ exception. If I remove the algorithm line from > > the nifi.properties file, this command works, but then starting nifi > gives > > me an “NullPointerException: Algorithm required” > > > > Not sure what I am missing here! > > > > Help! > > > > Thanks, > > Phil >
