Github user andrewmlim commented on a diff in the pull request:
https://github.com/apache/nifi/pull/1713#discussion_r114130770
--- Diff: nifi-docs/src/main/asciidoc/user-guide.adoc ---
@@ -1799,6 +1799,70 @@ Once "Expand" is selected, the graph is re-drawn to
show the children and their
image:expanded-events.png["Expanded Events"]
+[[encrypted-provenance]]
+=== Encrypted Provenance Repository
+While OS-level access control can offer some security over the provenance
data written to the disk in a repository, there are scenarios where the data
may be sensitive, compliance and regulatory requirements, or NiFi is running on
hardware not under the direct control of the organization (cloud, etc.). In
this case, the provenance repository allows for all data to be encrypted before
being persisted to the disk.
+
+[WARNING]
+.Performance
+============
+The current implementation of the encrypted provenance repository
intercepts the record writer and reader of `WriteAheadProvenanceRepository`,
which offers significant performance improvements over the legacy
`PersistentProvenanceRepository` and uses the `AES/GCM` algorithm, which is
fairly performant on commodity hardware. In most scenarios, the added cost will
not be significant (unnoticable on a flow with hundreds of provenance events
per second, moderately noticable on a flow with thousands - tens of thousands
of events per second). However, administrators should perform their own risk
assessment and performance analysis and decide how to move forward. Switching
back and forth between encrypted/unencrypted implementations is not recommended
at this time.
+============
+
+==== What is it?
+
+The `EncryptedWriteAheadProvenanceRepository` is a new implementation of
the provenance repository which encrypts all event record information before it
is written to the repository. This allows for storage on systems where OS-level
access controls are not sufficient to protect the data while still allowing
querying and access to the data through the NiFi UI/API.
+
+==== How does it work?
+
+The `WriteAheadProvenanceRepository` was introduced in NiFi 1.2.0 and
provided a refactored and much faster provenance repository implementation than
the previous `PersistentProvenanceRepository`. The encrypted version wraps that
implementation with a record writer and reader which encrypt and decrypt the
serialized bytes respectively.
+
+The fully qualified class
`org.apache.nifi.provenance.EncryptedWriteAheadProvenanceRepository` is
specified as the provenance repository implementation in `nifi.properties` as
the value of `nifi.provenance.repository.implementation`. In addition,
<<administration-guide.adoc#encrypted-write-ahead-provenance-repository-properties,new
properties>> must be populated to allow successful initialization.
+
+===== StaticKeyProvider
+The `StaticKeyProvider` implementation defines keys directly in
`nifi.properties`. Individual keys are provided in hexadecimal encoding (can
also be encrypted like any other sensitive property in `nifi.properties` using
the <<administration-guide.adoc#encrypt-config_tool,`./encrypt-config.sh`>>
tool in the NiFi Toolkit).
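Review bot: two spelling errors in the Performance admonition, "unnoticable" and "noticable" in the sentence "In most scenarios, the added cost will not be significant ...", should read "unnoticeable" and "noticeable". The opening sentence of the section also lists non-parallel items ("where the data may be sensitive, compliance and regulatory requirements, or NiFi is running on hardware ..."); suggest making each item a clause, e.g. "where the data may be sensitive, where compliance and regulatory requirements apply, or where NiFi is running on hardware not under the direct control of the organization (cloud, etc.)".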
--- End diff --
Suggest breaking up the second sentence into two: Individual keys are provided in
hexadecimal encoding. The keys can also be encrypted like any other sensitive
property in `nifi.properties` using the
<<administration-guide.adoc#encrypt-config_tool,`./encrypt-config.sh`>> tool in
the NiFi Toolkit.