NIFI-3299 NIFI-3299 Added more explanation of encrypt-config tool mig…

…ration of flow.xml.gz behavior.
alopresto · Jan 7, 2017 · 61987de · 61987de
1 parent 11c71dd
commit 61987de
Showing 1 changed file with 7 additions and 5 deletions.
diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc
@@ -1120,17 +1120,19 @@ In order to change the key used to encrypt the sensitive values, indicate *migra
 * old password -> new key
 * old password -> new password
 
-This tool can also be used to change the value of 'nifi.sensitive.props.key' for an existing flow. The tool will read the existing flow.xml.gz and decrypt any sensitive properties using the original key,
-then re-encrypt the sensitive properties with the new key, and write out a new version of the flow.xml.gz, or overwriting the existing one.
+This tool can also be used to change the value of `nifi.sensitive.props.key` for an existing flow. The tool will read the existing `flow.xml.gz` and decrypt any sensitive properties using the original key,
+then re-encrypt the sensitive properties with the new key, and write out a new version of the `flow.xml.gz`, or overwrite the existing one.
 
-The following command would migrate the sensitive properties key in place, meaning it would overwrite the existing flow.xml.gz and nifi.properties:
+The current sensitive properties key is not provided as a command-line argument, as it is read directly from `nifi.properties`. As this file is a required parameter, the `-x`/`--encryptFlowXmlOnly` flags tell the tool *not* to attempt to encrypt the properties in `nifi.properties`, but rather to *only* update the `nifi.sensitive.props.key` value with the new key. The exception to this is if the `nifi.properties` is *already* encrypted, the new sensitive property key will also be encrypted before being written to `nifi.properties`.
+
+The following command would migrate the sensitive properties key in place, meaning it would overwrite the existing `flow.xml.gz` and `nifi.properties`:
 ----
 ./encrypt-config.sh -f /path/to/flow.xml.gz -n ./path/to/nifi.properties -s newpassword -x
 ----
 
-The following command would migrate the sensitive properties key and write out a separate flow.xml.gz and nifi.properties:
+The following command would migrate the sensitive properties key and write out a separate `flow.xml.gz` and `nifi.properties`:
 ----
-./encrypt-config.sh -f ./path/to/src/flow.xml.gz -g /path/to/dest/flow.xml.gz -n /path/to/src/nifi.properties -o /path/to/dest/nifi.properties -s newpassword  -x
+./encrypt-config.sh -f ./path/to/src/flow.xml.gz -g /path/to/dest/flow.xml.gz -n /path/to/src/nifi.properties -o /path/to/dest/nifi.properties -s newpassword -x
 ----
 
 [[encrypt-config_password]]