Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/1261
@YolandaMDavis caught a tricky one. When performing the migration of
`flow.xml.gz` with an already-encrypted `nifi.properties` but using the
`-x`/`--encryptFlowXmlOnly` flag, the new `nifi.sensitive.props.key` value is
manually encrypted and updated in the `NiFiProperties` object before being
re-serialized to the file. However, because this was not going through the
normal "encrypt the entire object" logic, the protection scheme in
`nifi.sensitive.props.key.protected` was being erased. This resulted in cipher
text being stored as the key without an indicator of how to decrypt it.
I added an assertion in the test covering this scenario and was able to
reproduce immediately. I applied the fix and pushed. Thanks Yolanda.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
