NiFi

The following are available options when targeting NiFi:

  • -h,--help Show usage information (this message)

  • -v,--verbose Sets verbose mode (default false)

  • -n,--niFiProperties <file> The nifi.properties file containing unprotected config values (will be overwritten unless -o is specified)

  • -o,--outputNiFiProperties <file> The destination nifi.properties file containing protected config values (will not modify input nifi.properties)

  • -l,--loginIdentityProviders <file> The login-identity-providers.xml file containing unprotected config values (will be overwritten unless -i is specified)

  • -i,--outputLoginIdentityProviders <file> The destination login-identity-providers.xml file containing protected config values (will not modify input login-identity-providers.xml)

  • -a,--authorizers <file> The authorizers.xml file containing unprotected config values (will be overwritten unless -u is specified)

  • -u,--outputAuthorizers <file> The destination authorizers.xml file containing protected config values (will not modify input authorizers.xml)

  • -f,--flowXml <file> The flow.xml.gz file currently protected with old password (will be overwritten unless -g is specified)

  • -g,--outputFlowXml <file> The destination flow.xml.gz file containing protected config values (will not modify input flow.xml.gz)

  • -b,--bootstrapConf <file> The bootstrap.conf file to persist root key and to optionally provide any configuration for the protection scheme.

  • -S,--protectionScheme <protectionScheme> Selects the protection scheme for encrypted properties. Valid values are: [AES_GCM, HASHICORP_VAULT_TRANSIT, HASHICORP_VAULT_KV, AWS_KMS, AWS_SECRETSMANAGER, AZURE_KEYVAULT_KEY, AZURE_KEYVAULT_SECRET] (default is AES_GCM)

  • -k,--key <keyhex> The raw hexadecimal key to use to encrypt the sensitive properties

  • -e,--oldKey <keyhex> The old raw hexadecimal key to use during key migration

  • -H,--oldProtectionScheme <protectionScheme> The old protection scheme to use during encryption migration (see --protectionScheme for possible values). Default is AES_GCM

  • -p,--password <password> The password from which to derive the key to use to encrypt the sensitive properties

  • -w,--oldPassword <password> The old password from which to derive the key during migration

  • -r,--useRawKey If provided, the secure console will prompt for the raw key value in hexadecimal form

  • -m,--migrate If provided, the nifi.properties and/or login-identity-providers.xml sensitive properties will be re-encrypted with the new scheme

  • -x,--encryptFlowXmlOnly If provided, the properties in flow.xml.gz will be re-encrypted with a new key but the nifi.properties and/or login-identity-providers.xml files will not be modified

  • -s,--propsKey <password|keyhex> The password or key to use to encrypt the sensitive processor properties in flow.xml.gz

  • -A,--newFlowAlgorithm <algorithm> The algorithm to use to encrypt the sensitive processor properties in flow.xml.gz

  • -P,--newFlowProvider <algorithm> The security provider to use to encrypt the sensitive processor properties in flow.xml.gz

  • -c,--translateCli Translates the nifi.properties file to a format suitable for the NiFi CLI tool