How to encrypt a column using nifi

New Contributor

For security reasons I need to encrypt a column before putting the data in the repository. How can I do this using Python or some processor? I tried to use the cryptography library but without success. If you can guide me on which is the best way, I would be very grateful.

1 ACCEPTED SOLUTION

Super Guru

Which repository are you referring to? An internal NiFi repository or the location your flow is writing data to?

You can use the EncryptContent processor to encrypt the whole content of the flowfile, but there isn't an easy way to encrypt a single field of a record. To do this you will have to use something like the ScriptedTransformRecord and provide a script that encrypts parts of your data.

Here's an example of using ScriptedTransformRecord with a Groovy script to encrypt the field "name":

import javax.crypto.Cipher
import javax.crypto.spec.SecretKeySpec
import java.security.Key

// Key text comes from the NiFi parameter encryption.key; AES needs it to be 16, 24 or 32 bytes long
String encryptionKey = "#{encryption.key}"
Key aesKey = new SecretKeySpec(encryptionKey.getBytes("UTF-8"), "AES")
// ECB mode uses no IV, so equal plaintexts produce equal ciphertexts
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding")
cipher.init(Cipher.ENCRYPT_MODE, aesKey)
// Encrypt the field and store the ciphertext as a Base64 string
record.setValue("name", cipher.doFinal(record.getValue("name").getBytes("UTF-8")).encodeBase64().toString())
// Return the modified record to the processor
record

To decrypt it you could use:

import javax.crypto.Cipher
import javax.crypto.spec.SecretKeySpec
import java.security.Key
import java.util.Base64

// Same key as used for encryption, from the NiFi parameter encryption.key
String encryptionKey = "#{encryption.key}"
Key aesKey = new SecretKeySpec(encryptionKey.getBytes("UTF-8"), "AES")
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding")
cipher.init(Cipher.DECRYPT_MODE, aesKey)
// Base64-decode, decrypt, and store the result as a UTF-8 string rather than a byte array
record.setValue("name", new String(cipher.doFinal(Base64.getDecoder().decode(record.getValue("name"))), "UTF-8"))
// Return the modified record to the processor
record

The encryption key is specified through a NiFi parameter called encryption.key.

Cheers,

André

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.
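
The scripts in the answer above use AES in ECB mode, which is deterministic (the same name always encrypts to the same value) and carries no integrity check. The following is an added example, not part of the original post, showing the same field encryption with AES-GCM and a random nonce per value. The helpers `encryptField` and `decryptField` are hypothetical names, the stored layout (nonce, then ciphertext and tag, Base64-encoded) is a choice made here, and the `encryption.key` parameter is assumed to hold a Base64-encoded AES key.

```groovy
import javax.crypto.Cipher
import javax.crypto.spec.GCMParameterSpec
import javax.crypto.spec.SecretKeySpec
import java.nio.ByteBuffer
import java.security.SecureRandom

// Hypothetical helper: AES-GCM with a fresh random 12-byte nonce per value.
// Returns Base64(nonce || ciphertext || 16-byte tag).
String encryptField(String plaintext, String b64Key) {
    byte[] nonce = new byte[12]
    new SecureRandom().nextBytes(nonce)
    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(Base64.getDecoder().decode(b64Key), "AES"),
                new GCMParameterSpec(128, nonce))
    byte[] ct = cipher.doFinal(plaintext.getBytes("UTF-8"))
    byte[] blob = ByteBuffer.allocate(nonce.length + ct.length).put(nonce).put(ct).array()
    return Base64.getEncoder().encodeToString(blob)
}

// Hypothetical helper: reverses encryptField.
String decryptField(String encoded, String b64Key) {
    byte[] blob = Base64.getDecoder().decode(encoded)
    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(Base64.getDecoder().decode(b64Key), "AES"),
                new GCMParameterSpec(128, blob, 0, 12))
    // doFinal throws AEADBadTagException if the value was altered or the key is wrong
    return new String(cipher.doFinal(blob, 12, blob.length - 12), "UTF-8")
}

// Constructed demo key; in NiFi pass "#{encryption.key}" (assumed to hold a Base64 AES key)
byte[] keyBytes = new byte[32]
new SecureRandom().nextBytes(keyBytes)
String demoKey = Base64.getEncoder().encodeToString(keyBytes)

// Constructed sample value standing in for the record's "name" field
String first = encryptField("Alice Example", demoKey)
String second = encryptField("Alice Example", demoKey)
assert first != second                                  // fresh nonce per value
assert decryptField(first, demoKey) == "Alice Example"  // round trip

// In ScriptedTransformRecord, replace the demo lines above with:
//   record.setValue("name", encryptField(record.getValue("name") as String, "#{encryption.key}"))
//   record
```

Because each value gets its own nonce, the encrypted column can no longer be used for equality joins or lookups on the ciphertext.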
