[GitHub] [nifi] emiliosetiadarma commented on a change in pull request #5202: NIFI-6325 Added AWS Sensitive Property Provider

Wed, 21 Jul 2021 14:41:14 -0700 


emiliosetiadarma commented on a change in pull request #5202:
URL: https://github.com/apache/nifi/pull/5202#discussion_r674364695



##########
File path: nifi-docs/src/main/asciidoc/toolkit-guide.adoc
##########
@@ -699,6 +719,40 @@ for each phase (old vs. new), and any combination is 
sufficient:
 In order to change the protection scheme (e.g., migrating from AES encryption 
to Vault encryption), specify the `--protectionScheme`
 and `--oldProtectionScheme` in the migration command.
 
+The following is an example of the commands for protection scheme migration 
from AES_GCM to AWS_KMS then back. Execute these commands at the `nifi` 
directory with the `nifi-toolkit` directory as a sibling directory. In 
addition, make sure to update `bootstrap-aws.conf` with your AWS KMS Key ARN/ID 
and have your credentials and region configured.
+
+
+This command encrypts nifi.properties with the AES_GCM protection scheme
+----
+./../nifi-toolkit-*-SNAPSHOT/bin/encrypt-config.sh \
+-b conf/bootstrap.conf \
+-n conf/nifi.properties \
+-k 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210 \
+-v
+----
+This command migrates nifi.properties from using AES_GCM to using AWS_KMS 
protection scheme
+----
+./../nifi-toolkit-*-SNAPSHOT/bin/encrypt-config.sh \
+-b conf/bootstrap.conf \
+-n conf/nifi.properties \
+-S AWS_KMS \
+-H AES_GCM \
+-e 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210 \
+-m \
+-v
+----
+This command migrates nifi.properties back from AWS_KMS to AES_GCM protection 
scheme
+----
+./../nifi-toolkit-*-SNAPSHOT/bin/encrypt-config.sh \
+-b conf/bootstrap.conf \
+-n conf/nifi.properties \
+-S AES_GCM \
+-k 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210 \
+-H AES_GCM \

Review comment:
       Will make the changes, although important thing to note for future 
changes of the encrypt-config tool is that this command will still produce the 
desired effect (i.e. changing AWS_KMS protection scheme back to AES_GCM 
protection scheme)




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to