• General
  • Overview
  • Getting Started
  • User Guide
  • Expression Language Guide
  • RecordPath Guide
  • Admin Guide
  • Toolkit Guide
  • Walkthroughs

• Developer
  • Developer Guide
  • Python Developer Guide
  • Apache NiFi In Depth
  • REST API
  • OpenAPI Specification

• Processors
  • AttributeRollingWindow
  • AttributesToCSV
  • AttributesToJSON
  • CalculateRecordStats
  • CaptureChangeMySQL
  • CompressContent
  • ConnectWebSocket
  • ConsumeAMQP
  • ConsumeAzureEventHub
  • ConsumeBoxEnterpriseEvents
  • ConsumeBoxEvents
  • ConsumeElasticsearch
  • ConsumeGCPubSub
  • ConsumeIMAP
  • ConsumeJMS
  • ConsumeKafka
  • ConsumeKinesis
  • ConsumeKinesisStream
  • ConsumeMQTT
  • ConsumePOP3
  • ConsumeSlack
  • ConsumeTwitter
  • ConsumeWindowsEventLog
  • ControlRate
  • ConvertCharacterSet
  • ConvertRecord
  • CopyAzureBlobStorage_v12
  • CopyS3Object
  • CountText
  • CreateBoxFileMetadataInstance
  • CreateBoxMetadataTemplate
  • CryptographicHashContent
  • DebugFlow
  • DecryptContentAge
  • DecryptContentPGP
  • DeduplicateRecord
  • DeleteAzureBlobStorage_v12
  • DeleteAzureDataLakeStorage
  • DeleteBoxFileMetadataInstance
  • DeleteByQueryElasticsearch
  • DeleteDynamoDB
  • DeleteFile
  • DeleteGCSObject
  • DeleteGridFS
  • DeleteMongo
  • DeleteS3Object
  • DeleteSFTP
  • DeleteSQS
  • DetectDuplicate
  • DistributeLoad
  • DuplicateFlowFile
  • EncodeContent
  • EncryptContentAge
  • EncryptContentPGP
  • EnforceOrder
  • EvaluateJsonPath
  • EvaluateXPath
  • EvaluateXQuery
  • ExecuteGroovyScript
  • ExecuteProcess
  • ExecuteScript
  • ExecuteSQL
  • ExecuteSQLRecord
  • ExecuteStreamCommand
  • ExtractAvroMetadata
  • ExtractEmailAttachments
  • ExtractEmailHeaders
  • ExtractGrok
  • ExtractHL7Attributes
  • ExtractRecordSchema
  • ExtractStructuredBoxFileMetadata
  • ExtractText
  • FetchAzureBlobStorage_v12
  • FetchAzureDataLakeStorage
  • FetchBoxFile
  • FetchBoxFileInfo
  • FetchBoxFileMetadataInstance
  • FetchBoxFileRepresentation
  • FetchDistributedMapCache
  • FetchDropbox
  • FetchFile
  • FetchFTP
  • FetchGCSObject
  • FetchGoogleDrive
  • FetchGridFS
  • FetchS3Object
  • FetchSFTP
  • FetchSmb
  • FilterAttribute
  • FlattenJson
  • ForkEnrichment
  • ForkRecord
  • GenerateFlowFile
  • GenerateRecord
  • GenerateTableFetch
  • GeoEnrichIP
  • GeoEnrichIPRecord
  • GeohashRecord
  • GetAwsPollyJobStatus
  • GetAwsTextractJobStatus
  • GetAwsTranscribeJobStatus
  • GetAwsTranslateJobStatus
  • GetAzureEventHub
  • GetAzureQueueStorage_v12
  • GetBoxFileCollaborators
  • GetBoxGroupMembers
  • GetDynamoDB
  • GetElasticsearch
  • GetFile
  • GetFileResource
  • GetFTP
  • GetGcpVisionAnnotateFilesOperationStatus
  • GetGcpVisionAnnotateImagesOperationStatus
  • GetHubSpot
  • GetMongo
  • GetMongoRecord
  • GetS3ObjectMetadata
  • GetS3ObjectTags
  • GetSFTP
  • GetShopify
  • GetSmbFile
  • GetSNMP
  • GetSplunk
  • GetSQS
  • GetWorkdayReport
  • GetZendesk
  • HandleHttpRequest
  • HandleHttpResponse
  • IdentifyMimeType
  • InvokeHTTP
  • InvokeScriptedProcessor
  • ISPEnrichIP
  • JoinEnrichment
  • JoltTransformJSON
  • JoltTransformRecord
  • JSLTTransformJSON
  • JsonQueryElasticsearch
  • ListAzureBlobStorage_v12
  • ListAzureDataLakeStorage
  • ListBoxFile
  • ListBoxFileInfo
  • ListBoxFileMetadataInstances
  • ListBoxFileMetadataTemplates
  • ListDatabaseTables
  • ListDropbox
  • ListenFTP
  • ListenHTTP
  • ListenOTLP
  • ListenSlack
  • ListenSyslog
  • ListenTCP
  • ListenTrapSNMP
  • ListenUDP
  • ListenUDPRecord
  • ListenWebSocket
  • ListFile
  • ListFTP
  • ListGCSBucket
  • ListGoogleDrive
  • ListS3
  • ListSFTP
  • ListSmb
  • LogAttribute
  • LogMessage
  • LookupAttribute
  • LookupRecord
  • MergeContent
  • MergeRecord
  • ModifyBytes
  • ModifyCompression
  • MonitorActivity
  • MoveAzureDataLakeStorage
  • Notify
  • PackageFlowFile
  • PaginatedJsonQueryElasticsearch
  • ParseEvtx
  • ParseNetflowv5
  • ParseSyslog
  • ParseSyslog5424
  • PartitionRecord
  • PublishAMQP
  • PublishGCPubSub
  • PublishJMS
  • PublishKafka
  • PublishMQTT
  • PublishSlack
  • PutAzureBlobStorage_v12
  • PutAzureCosmosDBRecord
  • PutAzureDataExplorer
  • PutAzureDataLakeStorage
  • PutAzureEventHub
  • PutAzureQueueStorage_v12
  • PutBigQuery
  • PutBoxFile
  • PutCloudWatchMetric
  • PutDatabaseRecord
  • PutDistributedMapCache
  • PutDropbox
  • PutDynamoDB
  • PutDynamoDBRecord
  • PutElasticsearchJson
  • PutElasticsearchRecord
  • PutEmail
  • PutFile
  • PutFTP
  • PutGCSObject
  • PutGoogleDrive
  • PutGridFS
  • PutIcebergRecord
  • PutKinesisFirehose
  • PutKinesisStream
  • PutLambda
  • PutMongo
  • PutMongoBulkOperations
  • PutMongoRecord
  • PutRecord
  • PutRedisHashRecord
  • PutS3Object
  • PutSalesforceObject
  • PutSFTP
  • PutSmbFile
  • PutSNS
  • PutSplunk
  • PutSplunkHTTP
  • PutSQL
  • PutSQS
  • PutSyslog
  • PutTCP
  • PutUDP
  • PutWebSocket
  • PutZendeskTicket
  • QueryAirtableTable
  • QueryAzureDataExplorer
  • QueryDatabaseTable
  • QueryDatabaseTableRecord
  • QueryRecord
  • QuerySalesforceObject
  • QuerySplunkIndexingStatus
  • RemoveRecordField
  • RenameRecordField
  • ReplaceText
  • ReplaceTextWithMapping
  • RetryFlowFile
  • RouteHL7
  • RouteOnAttribute
  • RouteOnContent
  • RouteText
  • RunMongoAggregation
  • SampleRecord
  • ScanAttribute
  • ScanContent
  • ScriptedFilterRecord
  • ScriptedPartitionRecord
  • ScriptedTransformRecord
  • ScriptedValidateRecord
  • SearchElasticsearch
  • SegmentContent
  • SendTrapSNMP
  • SetSNMP
  • SignContentPGP
  • SplitAvro
  • SplitContent
  • SplitExcel
  • SplitJson
  • SplitPCAP
  • SplitRecord
  • SplitText
  • SplitXml
  • StartAwsPollyJob
  • StartAwsTextractJob
  • StartAwsTranscribeJob
  • StartAwsTranslateJob
  • StartGcpVisionAnnotateFilesOperation
  • StartGcpVisionAnnotateImagesOperation
  • TagS3Object
  • TailFile
  • TransformXml
  • UnpackContent
  • UpdateAttribute
  • UpdateBoxFileMetadataInstance
  • UpdateByQueryElasticsearch
  • UpdateCounter
  • UpdateDatabaseTable
  • UpdateGauge
  • UpdateRecord
  • ValidateCsv
  • ValidateJson
  • ValidateRecord
  • ValidateXml
  • VerifyContentMAC
  • VerifyContentPGP
  • Wait

• Controller Services
  • ADLSCredentialsControllerService
  • ADLSCredentialsControllerServiceLookup
  • ADLSIcebergFileIOProvider
  • AmazonGlueEncodedSchemaReferenceReader
  • AmazonGlueSchemaRegistry
  • AmazonMSKConnectionService
  • ApicurioSchemaRegistry
  • AvroReader
  • AvroRecordSetWriter
  • AvroSchemaRegistry
  • AWSCredentialsProviderControllerService
  • AwsRdsIamDatabasePasswordProvider
  • AzureBlobStorageFileResourceService
  • AzureCosmosDBClientService
  • AzureDataLakeStorageFileResourceService
  • AzureEventHubRecordSink
  • AzureStorageCredentialsControllerService_v12
  • AzureStorageCredentialsControllerServiceLookup_v12
  • CEFReader
  • ConfluentEncodedSchemaReferenceReader
  • ConfluentEncodedSchemaReferenceWriter
  • ConfluentProtobufMessageNameResolver
  • ConfluentSchemaRegistry
  • CSVReader
  • CSVRecordLookupService
  • CSVRecordSetWriter
  • DatabaseRecordLookupService
  • DatabaseRecordSink
  • DatabaseTableSchemaRegistry
  • DBCPConnectionPool
  • DBCPConnectionPoolLookup
  • DeveloperBoxClientService
  • DistributedMapCacheLookupService
  • ElasticSearchClientServiceImpl
  • ElasticSearchLookupService
  • ElasticSearchStringLookupService
  • EmailRecordSink
  • EmbeddedHazelcastCacheManager
  • ExcelReader
  • ExternalHazelcastCacheManager
  • FreeFormTextRecordSetWriter
  • GCPCredentialsControllerService
  • GCSFileResourceService
  • GCSIcebergFileIOProvider
  • GrokReader
  • HazelcastMapCacheClient
  • HikariCPConnectionPool
  • HttpRecordSink
  • IPLookupService
  • JettyWebSocketClient
  • JettyWebSocketServer
  • JMSConnectionFactoryProvider
  • JndiJmsConnectionFactoryProvider
  • JsonConfigBasedBoxClientService
  • JsonPathReader
  • JsonRecordSetWriter
  • JsonTreeReader
  • JWTBearerOAuth2AccessTokenProvider
  • Kafka3ConnectionService
  • KerberosKeytabUserService
  • KerberosPasswordUserService
  • KerberosTicketCacheUserService
  • LoggingRecordSink
  • MapCacheClientService
  • MapCacheServer
  • MongoDBControllerService
  • MongoDBLookupService
  • ParquetIcebergWriter
  • PEMEncodedSSLContextProvider
  • PropertiesFileLookupService
  • ProtobufReader
  • ReaderLookup
  • RecordSetWriterLookup
  • RecordSinkServiceLookup
  • RedisConnectionPoolService
  • RedisDistributedMapCacheClientService
  • RESTIcebergCatalog
  • RestLookupService
  • S3FileResourceService
  • S3IcebergFileIOProvider
  • ScriptedLookupService
  • ScriptedReader
  • ScriptedRecordSetWriter
  • ScriptedRecordSink
  • SetCacheClientService
  • SetCacheServer
  • SimpleCsvFileLookupService
  • SimpleDatabaseLookupService
  • SimpleKeyValueLookupService
  • SimpleRedisDistributedMapCacheClientService
  • SimpleScriptedLookupService
  • SiteToSiteReportingRecordSink
  • SlackRecordSink
  • SmbjClientProviderService
  • StandardAzureCredentialsControllerService
  • StandardAzureIdentityFederationTokenProvider
  • StandardDatabaseDialectService
  • StandardDropboxCredentialService
  • StandardFileResourceService
  • StandardHashiCorpVaultClientService
  • StandardHttpContextMap
  • StandardJsonSchemaRegistry
  • StandardKustoIngestService
  • StandardKustoQueryService
  • StandardOauth2AccessTokenProvider
  • StandardPGPPrivateKeyService
  • StandardPGPPublicKeyService
  • StandardPrivateKeyService
  • StandardProtobufReader
  • StandardProxyConfigurationService
  • StandardRestrictedSSLContextService
  • StandardS3EncryptionService
  • StandardSSLContextService
  • StandardWebClientServiceProvider
  • Syslog5424Reader
  • SyslogReader
  • UDPEventRecordSink
  • VolatileSchemaCache
  • WindowsEventLogReader
  • XMLFileLookupService
  • XMLReader
  • XMLRecordSetWriter
  • YamlTreeReader
  • ZendeskRecordSink

• Reporting Tasks
  • AzureLogAnalyticsProvenanceReportingTask
  • AzureLogAnalyticsReportingTask
  • ControllerStatusReportingTask
  • MonitorDiskUsage
  • MonitorMemory
  • ScriptedReportingTask
  • SiteToSiteBulletinReportingTask
  • SiteToSiteMetricsReportingTask
  • SiteToSiteProvenanceReportingTask
  • SiteToSiteStatusReportingTask

• Parameter Providers
  • AwsSecretsManagerParameterProvider
  • AzureKeyVaultSecretsParameterProvider
  • DatabaseParameterProvider
  • EnvironmentVariableParameterProvider
  • GcpSecretManagerParameterProvider
  • HashiCorpVaultParameterProvider
  • KubernetesSecretParameterProvider
  • OnePasswordParameterProvider

• Flow Registry Clients
  • AzureDevOpsFlowRegistryClient
  • BitbucketFlowRegistryClient
  • GitHubFlowRegistryClient
  • GitLabFlowRegistryClient
  • NifiRegistryFlowRegistryClient

• Flow Analysis Rules
  • DisallowComponentType
  • RequireServerSSLContextService
  • RestrictBackpressureSettings
  • RestrictFlowFileExpiration

AwsSecretsManagerParameterProvider 2.9.0

Bundle

org.apache.nifi | nifi-aws-nar

Description

Fetches parameters from AWS SecretsManager. Each secret becomes a Parameter group, which can map to a Parameter Context, with key/value pairs in the secret mapping to Parameters in the group.

Tags

aws, manager, secrets, secretsmanager

Input Requirement

Supports Sensitive Dynamic Properties

false

• Additional Details for AwsSecretsManagerParameterProvider 2.9.0

  AWSSecretsManagerParameterProvider

  Mapping AWS Secrets to Parameter Contexts

  The AwsSecretsManagerParameterProvider maps a Secret to a Parameter Context, with key/value pairs in the Secret mapping to parameters. To create a compatible secret from the AWS Console:

  1. From the Secrets Manager service, click the “Store a new Secret” button
  2. Select “Other type of secret”
  3. Under “Key/value”, enter your parameters, with the parameter names being the keys and the parameter values being the values. Click Next.
  4. Enter the Secret name. This will determine which Parameter Context receives the parameters. Continue through the rest of the wizard and finally click the “Store” button.

  Alternatively, from the command line, run a command like the following:

  aws secretsmanager create-secret –name “[Context]” –secret-string ‘{ “[Param]”: “[secretValue]”, “[Param2]”: " [secretValue2]" }’

  In this example, [Context] should be the intended name of the Parameter Context, [Param] and [Param2] should be parameter names, and [secretValue] and [secretValue2] should be the values of each respective parameter.

  Plain Text Secrets

  Secrets that are not stored as JSON key/value pairs are also supported. When a secret value is not a JSON object (for example, a PEM-encoded private key or any other plain text string), it is treated as a single parameter whose name is the secret name and whose value is the entire secret string. The secret name is also used as the Parameter Context name.

  For example, to store a PEM key as a secret:

  aws secretsmanager create-secret –name “my-private-key” –secret-string file://path/to/key.pem

  This produces a Parameter Context named “my-private-key” containing a single parameter also named “my-private-key” with the contents of the PEM file as the value.

  Both JSON and plain text secrets can be mixed within the same Secret Name Pattern. Each secret is automatically detected and handled according to its format.

  Configuring the Parameter Provider

  AWS Secrets must be explicitly matched in the “Secret Name Pattern” property in order for them to be fetched. This prevents more than the intended Secrets from being pulled into NiFi.