alopresto edited a comment on issue #3968: NIFI-3383 Implemented encrypted 
flowfile repository
URL: https://github.com/apache/nifi/pull/3968#issuecomment-572301627
 
 
   On a locally-running snapshot build, I ran the following smoke tests with a simple `GenerateFlowFile` (0 second scheduling to max out) -> `UpdateAttribute` (uppercase and lowercase static attribute values, writing to a new attribute and overwriting the existing) -> `LogAttribute` test flow.
   
   1. tested normal configuration (i.e. no changes to `nifi.properties`) - works as expected
   1. tested simple encrypted configuration (`StaticKeyProvider` with single key defined) - works as expected
   1. tested simple encrypted configuration with existing plaintext flowfile repository - works as expected
   1. tested incorrect encrypted configuration (invalid class name for SKP) - clear errors during startup in `nifi-app.log`, initiates shutdown
   1. tested multiple available keys (two keys defined in SKP) - works as expected
   1. tested missing config (encryption enabled but no available keys) - clear errors during startup in `nifi-app.log`, initiates shutdown
   1. tested multiple available keys (following missing config above) - works as expected
   1. tested migration back to original key (2nd key still present) - works as expected
   1. tested key loss (remove original key entirely) - works as expected
       1. if existing flowfile repository with records encrypted using (now missing) key, cannot recover records, clear errors during startup, initiates shutdown
       1. if no existing flowfile repository or all records already encrypted using still available key, works as expected
   1. tested recovery from process loss (i.e. `kill -9 <nifi_pid>`) - works as expected
   
   Sample configuration for `nifi.properties`:
   
   ```
   # Add or remove lines as necessary
   ...
   # FlowFile Repository
   nifi.flowfile.repository.implementation=org.apache.nifi.controller.repository.WriteAheadFlowFileRepository
   nifi.flowfile.repository.wal.implementation=org.apache.nifi.wali.EncryptedSequentialAccessWriteAheadLog
   nifi.flowfile.repository.directory=./flowfile_repository
   nifi.flowfile.repository.partitions=256
   nifi.flowfile.repository.checkpoint.interval=2 mins
   nifi.flowfile.repository.always.sync=false
   
   nifi.flowfile.repository.encryption.key.provider.implementation=org.apache.nifi.security.kms.StaticKeyProvider
   nifi.flowfile.repository.encryption.key.provider.location=
   nifi.flowfile.repository.encryption.key.id=K1
   nifi.flowfile.repository.encryption.key.id.K1=0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
   nifi.flowfile.repository.encryption.key.id.K2=0000000000000000000000000000000000000000000000000000000000000000
   nifi.flowfile.repository.encryption.key.id.K3=00FF000000000000000000000000000000000000000000000000000000000000
   ...
   ```

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services
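
A pre-flight check for two of the failure cases reported in the comment above (encryption enabled with no keys, active key id without a key), as an added example that is not part of the original comment or of the NiFi code base. It assumes that encryption is signalled by the `EncryptedSequentialAccessWriteAheadLog` setting from the sample, that keys are hex strings of 32, 48 or 64 characters, and that a key made of one or two distinct characters is placeholder material; the function names are hypothetical.

```python
import re

PREFIX = "nifi.flowfile.repository.encryption.key"
ENCRYPTED_WAL = "org.apache.nifi.wali.EncryptedSequentialAccessWriteAheadLog"
VALID_HEX_LENGTHS = {32, 48, 64}  # assumption: AES-128/192/256 keys as hex

# Constructed sample: the active key id is K2, but only K1 is defined.
SAMPLE = f"""
nifi.flowfile.repository.wal.implementation={ENCRYPTED_WAL}
{PREFIX}.provider.implementation=org.apache.nifi.security.kms.StaticKeyProvider
{PREFIX}.id=K2
{PREFIX}.id.K1=0000000000000000000000000000000000000000000000000000000000000000
"""

def parse_properties(text):
    """Parse simple key=value lines; skips blanks, comments and '...' lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def check_flowfile_encryption(text):
    """Return a list of findings; an empty list means every check passed."""
    props = parse_properties(text)
    if props.get("nifi.flowfile.repository.wal.implementation") != ENCRYPTED_WAL:
        return []  # encrypted write-ahead log not selected, nothing to check
    findings = []
    # Collect key definitions: <PREFIX>.id.<key id>=<hex>
    keys = {k[len(PREFIX) + 4:]: v for k, v in props.items()
            if k.startswith(PREFIX + ".id.")}
    active = props.get(PREFIX + ".id", "")
    if not keys:
        findings.append("encryption enabled but no keys defined")
    elif active not in keys:
        findings.append(f"active key id {active!r} has no key defined")
    for key_id, value in sorted(keys.items()):
        if not re.fullmatch(r"[0-9A-Fa-f]+", value) or len(value) not in VALID_HEX_LENGTHS:
            findings.append(f"key {key_id}: not a 128/192/256-bit hex string")
        elif len(set(value.upper())) <= 2:  # heuristic: e.g. all zeros
            findings.append(f"key {key_id}: placeholder-looking key material")
    return findings

if __name__ == "__main__":
    for finding in check_flowfile_encryption(SAMPLE):
        print(finding)
```

Run against the sample configuration above with its `...` lines left in, it reports K2 and K3 as placeholder-looking keys and nothing else.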
