Configuring NiFi for HDFS Encryption

Key Creation Process

1. Log in to Ranger KMS UI.

   <Hostname>:6080

   

2. Provide Username as ‘keyadmin’ and password for user.

3. Go to the Encryption tab and click Key Manager.

   

4. Select the appropriate defined service from list.

   

5. Click Add New Key.

6. Fill out the Key Detail fields.

   

7. Click Save.

Now the Key has been successfully created, and it can be used for creating an encryption zone.

Permission Definition

The next task is to provide necessary permissions to a user who will run the NiFi application. In our case, we are using a NiFi user for running the application and HDFS as a super user operation.

1. Click on Service.

   

2. Click on the edit icon present at right side.

   

3. Go to bottom of page , you will see User and Group Permissions tab.

   

4. Provide appropriate permissions to the NiFi user.

Configure CreateHDFSFolder Processor

1. Right-click Processor and select Configure.
2. Configure the highlighted property for the processor.

Directory To Be Encrypted:  /model.db/${source}
                            /app/warehouse/${source}
                            /etl/${source}
                            /archive/${source}
Encryption Key: nifikey
Encryption Required: Y

3. Click OK and start the processor.

   You have successfully configured NiFi DataLake Platform for HDFS Encryption.