markap14 commented on a change in pull request #3594: NIFI-3833 Support for Encrypted Flow File Repositories URL: https://github.com/apache/nifi/pull/3594#discussion_r314039486
########## File path: nifi-docs/src/main/asciidoc/administration-guide.adoc ########## @@ -2477,6 +2477,13 @@ implementation. |`nifi.flowfile.repository.always.sync`|If set to `true`, any change to the repository will be synchronized to the disk, meaning that NiFi will ask the operating system not to cache the information. This is very expensive and can significantly reduce NiFi performance. However, if it is `false`, there could be the potential for data loss if either there is a sudden power loss or the operating system crashes. The default value is `false`. |==== +==== Encryption + +The FlowFile repository can be configured to encrypt all files as they are written to disk. To enable this encryption, +set the `nifi.flowfile.repository.always.key.1` property to a 16 or 32 bit value like this: Review comment: In the description, it indicates setting "nifi.flowfile.repository.always.key.1" whereas in the example, you use "...cipher.key.1" instead of "...always.key.1" - I'm not sure that I understand the difference. Also, is it expecting multiple keys? If so, it probably makes sense in the example to show multiple keys and to explain how the different keys may be used. If it expects only a single key be provided, why use a suffix such as `.1`? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services