Hello, I'm using NiFi in a compliance setting. One of my use cases is for deheading (hashing names, ssns, etc) and republishing. It works great for these tasks but I need to cover my bases to make sure things are not stored on disk. E.g. when I extract a name to an attribute for hashing, I do not want to store it unencrypted at rest in the provenance repo.
It seems I can turn off the content repo with this setting: nifi.content.repository.archive.enabled=false Is flowfile content stored on disk anywhere once the flowfile is dropped with the setting above? Regarding the provenance repo, the settings offer the ability to truncate the attribute on retrieval e.g. nifi.provenance.repository.max.attribute.length=8 Does the above setting change only what can be retrieved or does it limit what is stored? If it is still storing all the attributes, then I will likely need to greatly reduce the provenance repo max.storage.time. Would severely limiting the provenance or content repo negatively affect NiFi's performance? Is there a way that I can have these "secure" settings only for certain templates? Or are these provenance and content repo setting only configurable server wide? Has there ever been thought to enable encryption at rest of the provenance repo to deal with situations like mine? Thanks in advance. -- [image: Payoff, Inc.] <http://www.payoff.com/> Jeremy Farbota Software Engineer, Data [email protected] <[email protected]> • (217) 898-8110 <(949)+430-0630> I'm a Storyteller. Discover your Financial Personality! <https://www.payoff.com/quiz> [image: Facebook] <https://www.facebook.com/payoff> [image: Twitter] <https://www.twitter.com/payoff> [image: Linkedin] <https://www.linkedin.com/company/payoff-com>
