Hi Pompilio, Unfortunately, NiFi does not currently offer a mechanism to protect flowfile attributes. We are currently investigating feature enhancements like attribute protection, marking it as sensitive (i.e. restricting access and not displaying during provenance views) [1], and encrypting attributes during transmission and persistence. Each of these features would be beneficial but they introduce some difficult questions like ownership of the attributes, user/component access control policies (especially across site to site), etc.
While this is not a complete mitigation, at least within a NiFi node, you can use provenance to trace the value of an attribute through the entire flow. As you mentioned multiple S2S hops, this lineage would not be carried forward to the eventual destination. Please submit a Jira ticket [2] expressing your desire for this feature. Community feedback helps the developers prioritize what goes into future releases. [1] https://issues.apache.org/jira/browse/NIFI-1140 <https://issues.apache.org/jira/browse/NIFI-1140> [2] https://issues.apache.org/jira/secure/CreateIssue!default.jspa Andy LoPresto [email protected] [email protected] PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Oct 11, 2016, at 6:42 AM, Pompilio Ramirez <[email protected]> wrote: > > Hello, > > Is there a way to make an attribute / value protected? > For instance I have an edge device and I send data from it to bring home to > cloud. > The dataflow lifecycle will have my flowfile go through multiple NIFI site to > site clusters that will be supported by different dataflow teams. I want to > ensure certain attributes are not inadvertently replaced and as such I want > to mark them as protected. > > > I can see how if needed someone could go out of their way to replace / delete > an attribute but I am trying to see if there is anything in place that would > let me tag an attribute as protected. > > Thank you.
signature.asc
Description: Message signed with OpenPGP using GPGMail
