exceptionfactory commented on a change in pull request #5110:
URL: https://github.com/apache/nifi/pull/5110#discussion_r644440450
##########
File path: nifi-docs/src/main/asciidoc/user-guide.adoc
##########
@@ -2922,6 +2922,34 @@
key5=c6FzfnKm7UR7xqI2NFpZ+fEKBfSU7+1NvRw+XWQ9U39MONWqk5gvoyOCdFR1kUgeg46jrN5dGXk
Each line defines a key ID and then the Base64-encoded cipher text of a 16
byte IV and wrapped AES-128, AES-192, or AES-256 key depending on the JCE
policies available. The individual keys are wrapped by AES/GCM encryption using
the **root key** defined by `nifi.bootstrap.sensitive.key` in
_conf/bootstrap.conf_.
+===== KeyStoreKeyProvider
+The `KeyStoreKeyProvider` implementation reads from an encrypted keystore
using the configured password to load AES Secret Key entries.
+
+The provider supports the following Keystore Types:
+
+* BCFKS
+* PKCS12
Review comment:
JKS does not support storage of Secret Key entries, so attempting to run
`keytool -genseckey -storetype JKS` throws a KeyStoreException. PKCS12 is also
the default KeyStore Type starting in Java 9.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
