...

The security of the encryption depends on the security of the bootstrap.conf file, which contains the encryption key.

Vocabulary

...

  1. If the files are already encrypted, there should be a "nifi.bootstrap.sensitive.key=..." line in the bootstrap.conf file (i.e. you have access to the original key). Otherwise, you have to manually replace all encrypted data (sensitive properties and flow configuration) with their original, unencrypted values (or some other new value).
  2. If present, rename the "nifi.bootstrap.sensitive.key=..." property in bootstrap.conf to "nifi.bootstrap.sensitive.key.old=..." (i.e. add ".old" suffix to the property name)
  3. If you have a specific encryption key you would like to use, add it to the bootstrap.conf file (add the line "nifi.bootstrap.sensitive.key=<your encryption key here>"). If you provide no encryption key (no nifi.bootstrap.sensitive.key property in bootstrap.conf, or no bootstrap.conf at all), a new key will be randomly generated and written to bootstrap.conf.
  4. Re-run the encrypt-config tool.
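
Steps 1 to 3 as a shell function, added here as an illustration and not part of the MiNiFi project or its encrypt-config tool. The function name, the refusal to overwrite an existing ".old" entry, and the owner-only file mode are assumptions of this example.

```shell
#!/bin/sh
# Added example (not project code): prepare bootstrap.conf for re-encryption.
# Usage: rotate_bootstrap_key <path/to/bootstrap.conf> [new-key]
KEY_PROP='nifi.bootstrap.sensitive.key'
KEY_RE='nifi\.bootstrap\.sensitive\.key'   # same name, dots escaped for grep/sed

rotate_bootstrap_key() {
    conf=$1
    new_key=${2:-}

    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Assumption: a leftover .old entry means an earlier rotation was not
    # finished; refuse rather than end up with two .old keys.
    if grep -q "^${KEY_RE}\.old=" "$conf"; then
        echo "${KEY_PROP}.old already present; resolve it first" >&2
        return 2
    fi

    # Work on a temp file next to the original so the final mv is atomic.
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    chmod 600 "$tmp"   # key material: owner-only before any key is written

    # Step 2: add the ".old" suffix to the current key property, if present.
    # If no such line exists (step 1), the file is copied unchanged.
    sed "s/^${KEY_RE}=/${KEY_PROP}.old=/" "$conf" > "$tmp" \
        || { rm -f "$tmp"; return 1; }

    # Step 3: optionally pin a specific new key. Without one, encrypt-config
    # generates a random key and writes it to bootstrap.conf itself.
    if [ -n "$new_key" ]; then
        # Make sure the appended property starts on its own line.
        if [ -n "$(tail -c1 "$tmp")" ]; then echo >> "$tmp"; fi
        printf '%s=%s\n' "$KEY_PROP" "$new_key" >> "$tmp"
    fi

    mv "$tmp" "$conf"
}
# Step 4 (re-running encrypt-config) is left to the operator.
```
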

...

Specify the property nifi.flow.configuration.encrypt=true in the properties file to have the new flow configuration written to disk encrypted after a flow update (originating from a C2 server). This requires a conf/bootstrap.conf in your minifi home containing an encryption key (nifi.bootstrap.sensitive.key). This "master key" is also used on agent startup to decrypt the flow configuration file.