[
https://issues.apache.org/jira/browse/NIFI-6994?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann reassigned NIFI-6994:
--------------------------------------
Assignee: (was: Andy LoPresto)
> Handle flowfile repository encryption status change on startup
> --------------------------------------------------------------
>
> Key: NIFI-6994
> URL: https://issues.apache.org/jira/browse/NIFI-6994
> Project: Apache NiFi
> Issue Type: Sub-task
> Components: Core Framework
> Affects Versions: 1.2.0
> Reporter: Andy LoPresto
> Priority: Major
> Labels: encryption, provenance, security
>
> If the flowfile repository changes from encrypted -> unencrypted or
> vice-versa on startup, the application should handle the change.
> * Unencrypted -> encrypted: This is handled by default for
> {{SequentialAccessWriteAheadLog}} ->
> {{EncryptedSequentialAccessWriteAheadLog}}, but {{RocksDBFlowFileRepository}}
> and {{MinimalLockingWriteAheadLog}} are not yet covered.
> * Encrypted -> unencrypted: Detect encrypted flowfile records and change
> SerDeFactory logic to instantiate encrypted serde for decrypt during initial
> recovery only. This depends on the key(s) for the key IDs used still being
> available via {{nifi.properties}}.
> This process may be very slow given large existing repositories, so a
> standalone tool should also be made available to perform this process outside
> of the running app.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
