Skip to content

opentdf/nifi

OpenTDF NiFi

Integration of the OpenTDF Platform into NiFi

Components:

  • "Zero Trust Data Format" (ZTDF) Processors:

    • ConvertToZTDF: A NiFi processor that converts FlowFile content to ZTDF format.
    • ConvertFromZTDF: A NiFi processor that converts ZTDF formatted FlowFile content to its plaintext representation
  • NanoTDF Processors (See NanoTDF Specification):

    • ConvertToNanoTDF: A NiFi processor that converts FlowFile content to NanoTDF format.
    • ConvertFromNanoTDF: A NiFi processor that converts NanoTDF formatted FlowFile content to its plaintext representation
  • Controller Services:

Using a custom TrustStore

Communicating over TLS with self-signed or other untrusted certs can be configured using NiFi's standard SSL Context Service and then wired into the processors by setting their respective SSL Context Service properties to use a configured SSL Context Service.

Example

See An Sample NiFi FlowFile Template using ZTDF/NanoTDF Processors

Upload and use this template in NiFi:

  • Configure the OpenTDFControllerService properties
    • set then OpenTDF compliant endpoint
    • set OIDC Client credentials (client id and client secret)
    • set the data policy (UpdateAttribute Processor)
    • set the KAS URL: ConvertToZTDF , ConvertToNanoTDF processors

FlowChart: Generic ZTDF Nifi Flows

diagram

FlowChart: Generic NanoTDF NiFi Flows

diagram

Quick Start - Docker Compose

  1. Build the NiFi Archives (NARs) and place in the docker compose mounted volumes. The opentd java-sdk is currently hosted on github's maven package repository, so github credentials are required to perform a maven build.

    export GITHUB_ACTOR=your gh username
    export GITHUB_TOKEN=your gh token
    make compose-package
  2. Start docker compose

    docker compose up
  3. Log into NiFi