Great answer Jim! The source of the credentials and the intended use of the credentials are important to know to ensure a secure flow design. NiFi supports repository encryption, which encrypts FlowFile content and metadata on the node filesystem, and that applies regardless of the Processors configured.
As Jim said, Parameter Providers would be a better fit if the goal is to supply credentials to a particular Processor or Controller Service. If the goal is to send information to another system, then I concur with the recommendation to use either EncryptContentAge or EncryptContenPGP, since the EncryptContent Processor is deprecated and removed from NiFi 2.0.0. Regards, David Handermann On Thu, Apr 11, 2024 at 10:26 AM Jim Steinebrey <jrsteineb...@gmail.com> wrote: > > Hi Cecil, > In response to your questions, > if you store credentials in the contents of an encrypted flow file, then the > credentials contents will be encrypted at rest. > Flow file contents are not accessible from metadata. > > How are you going to use the stored credentials? > Are the credentials going to be used inside NiFi? > > Depending on your use case, you might be able to use NiFi parameters and > ParameterProviders for getting your credentials into NiFi. > I suggest you google NiFi Parameter Providers and read about them. > > I would suggest you develop your flow on NiFi 2.0.0-M2 because it is the > latest and greatest. > but I would not recommend going to production with a milestone release for an > enterprise critical flow, but that is up to you. > I do not know an estimate for the 2.0 final release date. > Be aware EncryptContent is removed in NiFI 2, so I suggest you use > EncryptContentAge or EncryptContentGPG > > Best, > Jim > > > On Apr 11, 2024, at 8:24 AM, Cecil McKenna <cecilcmcke...@gmail.com> wrote: > > > > Hello, > > > > I am a developer new to Apache Nifi, and I am trying to encrypt and store > > credentials in Nifi. I was looking for information regarding the different > > EncryptContent processors, but there isn't much provided in the > > documentation. My question is, if I encrypt a flowfile containing user > > credentials and store them in Nifi, will the credentials themselves remain > > encrypted at rest? From my understanding, the data itself will remain > > encrypted, but the metadata will not. However, the user credentials should > > not be accessible in the flowfile metadata, correct? Could you please > > verify or point me in the right direction? > > > > Thank you! > > > > Best, > > Cecil McKenna >
