NiFi
The following are available options when targeting NiFi:
-
-h
,--help
Show usage information (this message) -
-v
,--verbose
Sets verbose mode (default false) -
-n
,--niFiProperties <file>
The nifi.properties file containing unprotected config values (will be overwritten unless-o
is specified) -
-o
,--outputNiFiProperties <file>
The destination nifi.properties file containing protected config values (will not modify input nifi.properties) -
-l
,--loginIdentityProviders <file>
The login-identity-providers.xml file containing unprotected config values (will be overwritten unless-i
is specified) -
-i
,--outputLoginIdentityProviders <file>
The destination login-identity-providers.xml file containing protected config values (will not modify input login-identity-providers.xml) -
-a
,--authorizers <file>
The authorizers.xml file containing unprotected config values (will be overwritten unless-u
is specified) -
-u
,--outputAuthorizers <file>
The destination authorizers.xml file containing protected config values (will not modify input authorizers.xml) -
-f
,--flowXml <file>
The flow.xml.gz file currently protected with old password (will be overwritten unless-g
is specified) -
-g
,--outputFlowXml <file>
The destination flow.xml.gz file containing protected config values (will not modify input flow.xml.gz) -
-b
,--bootstrapConf <file>
The bootstrap.conf file to persist root key and to optionally provide any configuration for the protection scheme. -
-S
,--protectionScheme <protectionScheme>
Selects the protection scheme for encrypted properties. Valid values are: [AES_GCM, HASHICORP_VAULT_TRANSIT, HASHICORP_VAULT_KV, AWS_KMS, AWS_SECRETSMANAGER, AZURE_KEYVAULT_KEY, AZURE_KEYVAULT_SECRET] (default is AES_GCM) -
-k
,--key <keyhex>
The raw hexadecimal key to use to encrypt the sensitive properties -
-e
,--oldKey <keyhex>
The old raw hexadecimal key to use during key migration -
-H
,--oldProtectionScheme <protectionScheme>
The old protection scheme to use during encryption migration (see --protectionScheme for possible values). Default is AES_GCM -
-p
,--password <password>
The password from which to derive the key to use to encrypt the sensitive properties -
-w
,--oldPassword <password>
The old password from which to derive the key during migration -
-r
,--useRawKey
If provided, the secure console will prompt for the raw key value in hexadecimal form -
-m
,--migrate
If provided, the nifi.properties and/or login-identity-providers.xml sensitive properties will be re-encrypted with the new scheme -
-x
,--encryptFlowXmlOnly
If provided, the properties in flow.xml.gz will be re-encrypted with a new key but the nifi.properties and/or login-identity-providers.xml files will not be modified -
-s
,--propsKey <password|keyhex>
The password or key to use to encrypt the sensitive processor properties in flow.xml.gz -
-A
,--newFlowAlgorithm <algorithm>
The algorithm to use to encrypt the sensitive processor properties in flow.xml.gz -
-P
,--newFlowProvider <algorithm>
The security provider to use to encrypt the sensitive processor properties in flow.xml.gz -
-c
,--translateCli
Translates the nifi.properties file to a format suitable for the NiFi CLI tool