NiFi System Properties
Encrypted File System Content Repository Properties

All of the properties defined above (see File System Content Repository Properties) still apply. Only encryption-specific properties are listed here. See Encrypted Content Repository in the User Guide for more information.




This is the fully-qualified class name of the key provider. A key provider is the datastore interface for accessing the encryption key to protect the content claims. There are currently two implementations - StaticKeyProvider which reads a key directly from, and FileBasedKeyProvider which reads n many keys from an encrypted file. The interface is extensible, and HSM-backed or other providers are expected in the future.


The path to the key definition resource (empty for StaticKeyProvider, ./keys.nkp or similar path for FileBasedKeyProvider). For future providers like an HSM, this may be a connection string or URL.

The active key ID to use for encryption (e.g. Key1).


The key to use for StaticKeyProvider. The key format is hex-encoded (0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210) but can also be encrypted using the ./ tool in NiFi Toolkit (see the Encrypt-Config Tool section in the NiFi Toolkit Guide for more information).*

Allows for additional keys to be specified for the StaticKeyProvider. For example, the line…​210 would provide an available key Key2.

The simplest configuration is below: