emiliosetiadarma commented on a change in pull request #5202: URL: https://github.com/apache/nifi/pull/5202#discussion_r674364245
########## File path: nifi-docs/src/main/asciidoc/toolkit-guide.adoc ########## @@ -504,6 +504,26 @@ This protection scheme uses HashiCorp Vault's Transit Secrets Engine (https://ww |`vault.ssl.trust-store-password`|Truststore password. Required if the Vault server is TLS-enabled|_none_ |=== +==== AWS_KMS +This protection scheme uses AWS Key Management Service (https://aws.amazon.com/kms/) for encryption and decryption. AWS KMS configuration properties can be stored in the `bootstrap-aws.conf` file, as referenced in the `bootstrap.conf` of NiFi or NiFi Registry. If the configuration properties are not specified in `bootstrap-aws.conf`, then the provider will attempt to use the AWS default credentials provider, which checks standard environment variables and system properties. + +===== Required properties +[options="header,footer"] +|=== +|Property Name|Description|Default +|`aws.kms.key.id`|The identifier or ARN that the AWS KMS client uses for encryption and decryption.|_none_ +|=== + +===== Optional properties +====== All of the following must be configured, or will be ignored entirely. +[options="header,footer"] +|=== +|Property Name|Description|Default +|`aws.region`|The AWS region used to configure the AWS KMS Client.|_none_ +|`aws.access.key.id`|The access key ID credential used to access AWS KMS.|_none_ +|`aws.secret.key.id`|The secret key ID credential used to access AWS KMS.|_none_ Review comment: Will make the changes -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
