nifi git commit: NIFI-3299 Added example of sensitive property key migration to the admin guide.

[al...@apache.org]

Repository: nifi
Updated Branches:
  refs/heads/master 675f4f544 -> 47d715741


NIFI-3299 Added example of sensitive property key migration to the admin guide.

This closes #1404.

Signed-off-by: Andy LoPresto <al...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/47d71574
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/47d71574
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/47d71574

Branch: refs/heads/master
Commit: 47d7157412ff8235ba567bb2dbb8f6e6ca4d660e
Parents: 675f4f5
Author: Bryan Bende <bb...@apache.org>
Authored: Fri Jan 6 15:12:57 2017 -0500
Committer: Andy LoPresto <al...@apache.org>
Committed: Fri Jan 6 17:55:27 2017 -0800

----------------------------------------------------------------------
 .../src/main/asciidoc/administration-guide.adoc | 23 ++++++++++++++++++++
 1 file changed, 23 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/nifi/blob/47d71574/nifi-docs/src/main/asciidoc/administration-guide.adoc
----------------------------------------------------------------------
diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc
index 2c643c1..c5beb08 100644
--- a/nifi-docs/src/main/asciidoc/administration-guide.adoc
+++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc
@@ -1113,6 +1113,10 @@ When applied to 'login-identity-providers.xml', the property elements are update
    </provider>
 ----
 
+[encrypt_config_property_migration]
+Sensitive Property Key Migration
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
 In order to change the key used to encrypt the sensitive values, indicate *migration mode* using the `-m` or `--migrate` flag, provide the new key or password using the `-k` or `-p` flags as usual, and provide the existing key or password using `-e` or `-w` respectively. This will allow the toolkit to decrypt the existing values and re-encrypt them, and update `bootstrap.conf` with the new key. Only one of the key or password needs to be specified for each phase (old vs. new), and any combination is sufficient:
 
 * old key -> new key
@@ -1120,6 +1124,25 @@ In order to change the key used to encrypt the sensitive values, indicate *migra
 * old password -> new key
 * old password -> new password
 
+[encrypt_config_flow_migration]
+Existing Flow Migration
+~~~~~~~~~~~~~~~~~~~~~~~
+
+This tool can also be used to change the value of `nifi.sensitive.props.key` for an existing flow. The tool will read the existing `flow.xml.gz` and decrypt any sensitive component properties using the original key,
+then re-encrypt the sensitive properties with the new key, and write out a new version of the `flow.xml.gz`, or overwrite the existing one.
+
+The current sensitive properties key is not provided as a command-line argument, as it is read directly from `nifi.properties`. As this file is a required parameter, the `-x`/`--encryptFlowXmlOnly` flags tell the tool *not* to attempt to encrypt the properties in `nifi.properties`, but rather to *only* update the `nifi.sensitive.props.key` value with the new key. The exception to this is if the `nifi.properties` is *already* encrypted, the new sensitive property key will also be encrypted before being written to `nifi.properties`.
+
+The following command would migrate the sensitive properties key in place, meaning it would overwrite the existing `flow.xml.gz` and `nifi.properties`:
+----
+./encrypt-config.sh -f /path/to/flow.xml.gz -n ./path/to/nifi.properties -s newpassword -x
+----
+
+The following command would migrate the sensitive properties key and write out a separate `flow.xml.gz` and `nifi.properties`:
+----
+./encrypt-config.sh -f ./path/to/src/flow.xml.gz -g /path/to/dest/flow.xml.gz -n /path/to/src/nifi.properties -o /path/to/dest/nifi.properties -s newpassword -x
+----
+
 [[encrypt-config_password]]
 Password Key Derivation
 ~~~~~~~~~~~~~~~~~~~~~~~