I just upgraded nifi from 1.8.0 to 1.21.0 New NIFI can start properly without any flow imported. However, when I import old flow, nifi 1.21.0 won't start with the following exception:
2023-05-30 14:39:35,215 ERROR [main] o.a.nifi.properties.NiFiPropertiesLoader Flow Configuration [/data/nifi/persistent/flow.xml.gz] Found: Migration Required for blank Sensitive Properties Key [nifi.sensitive.props.key]
2023-05-30 14:39:35,215 ERROR [main] org.apache.nifi.NiFi Failure to launch NiFi
java.lang.IllegalArgumentException: There was an issue decrypting protected properties
at org.apache.nifi.NiFi.initializeProperties(NiFi.java:375)
at org.apache.nifi.NiFi.convertArgumentsToValidatedNiFiProperties(NiFi.java:343)
at org.apache.nifi.NiFi.convertArgumentsToValidatedNiFiProperties(NiFi.java:339)
at org.apache.nifi.NiFi.main(NiFi.java:331)
Caused by: org.apache.nifi.properties.SensitivePropertyProtectionException: Sensitive Properties Key [nifi.sensitive.props.key] not found: See Admin Guide section [Updating the Sensitive Properties Key]
at org.apache.nifi.properties.NiFiPropertiesLoader.getDefaultProperties(NiFiPropertiesLoader.java:245)
at org.apache.nifi.properties.NiFiPropertiesLoader.get(NiFiPropertiesLoader.java:218)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.nifi.NiFi.initializeProperties(NiFi.java:370)
... 3 common frames omitted
It seems to be related to Nifi Migration Required for blank Sensitive Properties Key and should have been fixed in nifi 1.14.
In my old nifi1.8, I don't have any value set for nifi.sensitive.props.key, I'd assume default encryption is used for sensitive information in the nifi flow. After upgrade, the nifi.sensitive.props.key is also left empty, should this be transparent to a user who upgrades from an older version of nifi?
If not, Could anyone please advise the steps to dig out the old default key and specify it in nifi.properties <nifi.sensitive.props.key>?
Please note that neither a new key is needed nor the algorithm is changed. I'm re-using the same nifi.properties and I wish it's transparent to users:
nifi.sensitive.props.key=
nifi.sensitive.props.key.protected=
nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
nifi.sensitive.props.provider=BC
nifi.sensitive.props.additional.keys=
Thanks.
This is what I did recently (when upgraded from NiFi
1.13.2to1.21.0). I copied thenifi.security.keystorePasswdornifi.security.keyPasswdover tonifi.sensitive.props.key.This fixed the above error and I was able to import the old flows.
LMK if this works for you.
I have copy-pasted my current
nifi.propertiesfile below