NiFi Registry

The following are available options when targeting NiFi Registry using the --nifiRegistry flag:

  • -h,--help Show usage information (this message)

  • -v,--verbose Sets verbose mode (default false)

  • -p,--password <password> Protect the files using a password-derived key. If an argument is not provided to this flag, interactive mode will be triggered to prompt the user to enter the password.

  • -k,--key <keyhex> Protect the files using a raw hexadecimal key. If an argument is not provided to this flag, interactive mode will be triggered to prompt the user to enter the key.

  • -S,--protectionScheme <protectionScheme> Selects the protection scheme for encrypted properties. Valid values are: [AES_GCM, HASHICORP_VAULT_TRANSIT, HASHICORP_VAULT_KV, AWS_KMS, AWS_SECRETSMANAGER, AZURE_KEYVAULT_KEY, AZURE_KEYVAULT_SECRET] (default is AES_GCM)

  • --oldPassword <password> If the input files are already protected using a password-derived key, this specifies the old password so that the files can be unprotected before re-protecting.

  • --oldKey <keyhex> If the input files are already protected using a key, this specifies the raw hexadecimal key so that the files can be unprotected before re-protecting.

  • -H,`--oldProtectionScheme <protectionScheme>`The old protection scheme to use during encryption migration (see --protectionScheme for possible values). Default is AES_GCM.

  • -b,--bootstrapConf <file> The bootstrap.conf file containing no root key or an existing root key, and any other protection scheme configuration properties. If a new password or key is specified (using -p or -k) and no output bootstrap.conf file is specified, then this file will be overwritten to persist the new master key.

  • -B,--outputBootstrapConf <file> The destination bootstrap.conf file to persist root key. If specified, the input bootstrap.conf will not be modified.

  • -r,--nifiRegistryProperties <file> The nifi-registry.properties file containing unprotected config values, overwritten if no output file specified.

  • -R,--outputNifiRegistryProperties <file> The destination nifi-registry.properties file containing protected config values.

  • -a,--authorizersXml <file> The authorizers.xml file containing unprotected config values, overwritten if no output file specified.

  • -A,--outputAuthorizersXml <file> The destination authorizers.xml file containing protected config values.

  • -i,--identityProvidersXml <file> The identity-providers.xml file containing unprotected config values, overwritten if no output file specified.

  • -I,--outputIdentityProvidersXml <file> The destination identity-providers.xml file containing protected config values.

  • --decrypt Can be used with -r to decrypt a previously encrypted NiFi Registry Properties file. Decrypted content is printed to STDOUT.