Encrypted Provenance Repository
While OS-level access control can offer some security over the provenance data written to the disk in a repository, there are scenarios where the data may be sensitive, compliance and regulatory requirements exist, or NiFi is running on hardware not under the direct control of the organization (cloud, etc.). In this case, the provenance repository allows for all data to be encrypted before being persisted to the disk.
Performance:
The current implementation of the encrypted provenance repository intercepts the record
writer and reader of WriteAheadProvenanceRepository
, which offers
significant performance improvements over the legacy
PersistentProvenanceRepository
and uses the AES/GCM
algorithm, which is fairly performant on commodity hardware. In most scenarios, the added
cost will not be significant (unnoticable on a flow with hundreds of provenance events per
second, moderately noticable on a flow with thousands - tens of thousands of events per
second). However, administrators should perform their own risk assessment and performance
analysis and decide how to move forward. Switching back and forth between
encrypted/unencrypted implementations is not recommended at this time.