question Nifi CSFLE inmeplentation with AWS KMS in Support Questions https://community.cloudera.com/t5/Support-Questions/Nifi-CSFLE-inmeplentation-with-AWS-KMS/m-p/398569#M250245 <P>Hi Team, I am trying to implement the CSFLE logic using the AWS KMS&nbsp; service. I am using ScriptiedTransformRecord processor with Groovy script. For testing purpose , i have used the sample encryption key which created by openssl and tested the script , it is working fine. However,&nbsp; i would like to use the AWS KMS for the encryption keys. Is the a way to interact with KMS to get the key .</P><P>Here is my flow<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 509px;"><img src="https://community.cloudera.com/t5/image/serverpage/image-id/42977i3DD734F0CEF16777/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> Mon, 09 Dec 2024 08:28:34 GMT rajivswe_2k7 2024-12-09T08:28:34Z Nifi CSFLE inmeplentation with AWS KMS https://community.cloudera.com/t5/Support-Questions/Nifi-CSFLE-inmeplentation-with-AWS-KMS/m-p/398569#M250245 <P>Hi Team, I am trying to implement the CSFLE logic using the AWS KMS&nbsp; service. I am using ScriptiedTransformRecord processor with Groovy script. For testing purpose , i have used the sample encryption key which created by openssl and tested the script , it is working fine. However,&nbsp; i would like to use the AWS KMS for the encryption keys. Is the a way to interact with KMS to get the key .</P><P>Here is my flow<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 509px;"><img src="https://community.cloudera.com/t5/image/serverpage/image-id/42977i3DD734F0CEF16777/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> Mon, 09 Dec 2024 08:28:34 GMT https://community.cloudera.com/t5/Support-Questions/Nifi-CSFLE-inmeplentation-with-AWS-KMS/m-p/398569#M250245 rajivswe_2k7 2024-12-09T08:28:34Z Re: Nifi CSFLE inmeplentation with AWS KMS https://community.cloudera.com/t5/Support-Questions/Nifi-CSFLE-inmeplentation-with-AWS-KMS/m-p/398570#M250246 <P>My Groovy script:</P><P>import javax.crypto.Cipher<BR />import javax.crypto.spec.SecretKeySpec<BR />import java.util.Base64</P><P>// Define the AES encryption key<BR />String encryptionKey = "6ef552ae5333c9abb682e1f5221b1bdc"</P><P>// Ensure the key is 16 bytes (128 bits) for AES-128<BR />if (encryptionKey.length() != 32) {<BR />throw new IllegalArgumentException("Encryption key must be 16 characters long for AES-128.")<BR />}</P><P>// Convert the key to a SecretKeySpec<BR />SecretKeySpec aesKey = new SecretKeySpec(encryptionKey.getBytes("UTF-8"), "AES")</P><P>// Initialize the Cipher for AES/ECB/PKCS5Padding<BR />Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding")<BR />cipher.init(Cipher.ENCRYPT_MODE, aesKey)</P><P>// Retrieve the input data to encrypt<BR />String inputData = record.getValue("name") // Replace "name" with your actual field name<BR />byte[] encryptedData = cipher.doFinal(inputData.getBytes("UTF-8"))</P><P>// Encode the encrypted data to Base64<BR />String encryptedBase64 = Base64.getEncoder().encodeToString(encryptedData)</P><P>// Set the encrypted value back into the record<BR />record.setValue("name", encryptedBase64)</P><P>// Return the updated record<BR />return record</P> Mon, 09 Dec 2024 08:29:51 GMT https://community.cloudera.com/t5/Support-Questions/Nifi-CSFLE-inmeplentation-with-AWS-KMS/m-p/398570#M250246 rajivswe_2k7 2024-12-09T08:29:51Z