Repository Encryption
Repository encryption provides a layer of security for information persisted to the filesystem during processing. Enabling encryption and configuring a Key Provider using these properties applies to all repositories.
| Property | Description |
|---|---|
| nifi.repository.encryption.protocol.version | The encryption protocol version applied to all repository implementations. Absence of this property value disables repository encryption. Configuring a supported protocol enables encryption for all repositories. Supported protocol versions include: |
| nifi.repository.encryption.key.id | The key identifier that repository implementations will use for new encryption operations. The key identifier must match the |
| nifi.repository.encryption.key.provider | The Key Provider implementation that repository implementations will use for retrieving keys necessary for encryption and decryption. Supported providers include: |
| nifi.repository.encryption.key.provider.keystore.location | Path to the KeyStore resource required for the |
| nifi.repository.encryption.key.provider.keystore.password | Password for the configured KeyStore resource required for the |
Configuring repository encryption properties overrides the following repository implementation class properties, as well as associated Key Provider properties:
- nifi.content.repository.implementation
- nifi.flowfile.repository.wal.implementation
- nifi.provenance.repository.implementation
- nifi.swap.manager.implementation
The following provides an example set of configuration properties using a PKCS12 KeyStore as the Key Provider:
nifi.repository.encryption.protocol.version=1
nifi.repository.encryption.key.id=primary-key
nifi.repository.encryption.key.provider=KEYSTORE
nifi.repository.encryption.key.provider.keystore.location=conf/repository.p12
nifi.repository.encryption.key.provider.keystore.password=2fRKmwDyMYmT7P5L
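The following check is an added example, not part of the original page or of NiFi itself. It lints the text of a properties file for the rules described above: a missing protocol version leaves encryption disabled, an enabled configuration needs its key settings, and the four implementation properties are overridden. The function names, the sample input, and the rule that the KEYSTORE provider needs both a location and a password are assumptions drawn from the example configuration.

```python
PREFIX = "nifi.repository.encryption."
OVERRIDDEN = tuple("nifi." + n + ".implementation" for n in (
    "content.repository", "flowfile.repository.wal", "provenance.repository", "swap.manager"))

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def check_repository_encryption(text):
    """Return (enabled, findings) for the repository encryption property group."""
    props = parse_properties(text)
    findings = []
    if not props.get(PREFIX + "protocol.version"):
        # No protocol version means repository encryption is disabled, even if
        # key settings are present; report those so the gap is not missed.
        stray = sorted(k for k, v in props.items() if k.startswith(PREFIX) and v)
        if stray:
            findings.append("encryption disabled but these are set: " + ", ".join(stray))
        return False, findings
    required = ["key.id", "key.provider"]
    # Assumption: the KEYSTORE provider needs both a location and a password.
    if props.get(PREFIX + "key.provider") == "KEYSTORE":
        required += ["key.provider.keystore.location", "key.provider.keystore.password"]
    for name in required:
        if not props.get(PREFIX + name):
            findings.append("missing " + PREFIX + name)
    for name in OVERRIDDEN:
        if props.get(name):
            findings.append("overridden while encryption is enabled: " + name)
    return True, findings

# Constructed sample input: encryption enabled, KeyStore password left blank,
# and a placeholder content repository class that will be overridden.
SAMPLE = """\
nifi.content.repository.implementation=org.example.ContentRepo
nifi.repository.encryption.protocol.version=1
nifi.repository.encryption.key.id=primary-key
nifi.repository.encryption.key.provider=KEYSTORE
nifi.repository.encryption.key.provider.keystore.location=conf/repository.p12
nifi.repository.encryption.key.provider.keystore.password=
"""
if __name__ == "__main__":
    print(check_repository_encryption(SAMPLE))
```

The parser handles only `key=value` lines with `#` comments, which covers the format shown in the example configuration.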