We are looking to deploy nifi as part of an appliance. Normally, we use etckeeper [1] to maintain, track and back up our configuration across the board. Etckeeper puts configuration files into a git repo. I would like to store nifi configuration in the same way, but I'm concerned about storing the sensitive properties key there along with the flow.xml.gz. I would like to store that key somewhere else and load it in at start-up time. Any thoughts on how that could be done? Ultimately, I just want to not back up the key with the flow.xml.gz (which has the encrypted data). That way, if someone gets a hold of the backup, it would not be trivial to decrypt the sensitive data in flow.xml.gz.
I thought I might be able to do this by adding a custom java.arg to the bootstrap.conf that would point to an environment variable. Something like:

    java.arg.99=-Dnifi.sensitive.props.key=$NIFI_SENSITIVE_PROPS_KEY

But I'm not sure if System properties can stand in for nifi.properties values and if the boot loader launches nifi in such a way to use environment variables.

[1] https://github.com/joeyh/etckeeper