3

I have a dataflow running in NiFi 1.10.0, the relevant properties from this installation is here:

nifi.sensitive.props.key=
nifi.sensitive.props.key.protected=
nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
nifi.sensitive.props.provider=BC
nifi.sensitive.props.additional.keys=

I am trying to migrate the flowfile to the 1.15.2 install where the properties are

 nifi.sensitive.props.key=<redacted>
 nifi.sensitive.props.key.protected=
 nifi.sensitive.props.algorithm=NIFI_PBKDF2_AES_GCM_256
 nifi.sensitive.props.additional.keys=

Found this section in the NiFi admin guide to help with the migration. Has anyone done this, what command options did you use? Also is this a two step process since I am going from a blank key to a non-empty one and also changing the algorithm at the same time?

I used this command and the conversion works fine when you don't change the algorithm. Basically just setting a key when it was not set in the earlier 1.10.0 install.

 $ ./nifi-toolkit-1.15.2/bin/encrypt-config.sh -f /path/to/nifi/nifi-1.10.0/conf/flow.xml.gz -g /path/to/nifi/nifi-1.15.2/conf/flow.xml.gz -s new_password -n /path/to/nifi/nifi-1.10.0/conf/nifi.properties -o /path/to/nifi/nifi-1.15.2/conf/nifi.properties -x

How do you change the algorithm and set the key at the same time?

Thanks

Vijay Kumar
  • 2,439
  • 2
  • 32
  • 51
  • Yes. The example command works as-is for me as well. According to the documentation (https://nifi.apache.org/docs/nifi-docs/html/toolkit-guide.html#encrypt_config_tool), we can use `-A` to specify a new algorithm. I didn't test it though – Fan Li Jan 12 '22 at 12:59
  • I will give it a try – Vijay Kumar Jan 12 '22 at 18:57
  • No, the -A flag didn't work. It did't output the nifi.properties file with the new algorithm name I provide in the command. However it does set the specified value for the nifi.sensitive.props.key property in the output nifi.properties – Vijay Kumar Jan 12 '22 at 20:14
  • hi @VijayKumar Have you got any solution for the issue? – Priyesh Karatha Oct 17 '22 at 09:15
  • Hi Priyesh, yes I did have this resolved. – Vijay Kumar Oct 18 '22 at 15:07
  • If the versions are different, Do you want to open another question and I can chime in there. – Vijay Kumar Oct 18 '22 at 16:04
  • @VijayKumar https://stackoverflow.com/questions/74095159/how-to-migrate-nif-flowfile-from-1-12-version-to-1-16-3. You can answer here – Priyesh Karatha Oct 19 '22 at 08:59

1 Answers1

0

Issue can be resolved by following steps

  1. Before migration if you don't have nifi.sensitive.props.key set, set it using following command ${NIFI_TOOLKIT_PAT}/bin/encrypt-config.sh -f /opt/nifi/nifi-current/data/flow.xml.gz -p ${NIFI_HOME}/conf/nifi.properties -s <NEW_KEY_TO_SET> -x
  2. Once key is set upgrade nifi. Since in newer version algorithm is changed set it using command ${NIFI_HOME}/bin/nifi.sh set-sensitive-properties-algorithm <NEW_ALGORITHM>
  3. Once algorithm set, encrypt again using command ${NIFI_TOOLKIT_PAT}/bin/encrypt-config.sh -f /opt/nifi/nifi-current/data/flow.xml.gz -p ${NIFI_HOME}/conf/nifi.properties -s <NEW_KEY_TO_SET> -x

Now you will get all compatible files with respect your latest version

Priyesh Karatha
  • 604
  • 5
  • 18