Starting the Nifi Docker container by retrieving parameters from Vault

Learn about how to start the Nifi Docker container by specifying CONFIGURE_MODE=Vault.

Mandatory environment variables

These are the mandatory environment variables that you must specify to configure the Nifi Docker container to retrieve additional parameters from Vault.


Environment variable name	Description	Comments
TENANT	The name of the group that contains your set of environments. For example, `MyCompany`.	Container environment variable. This can be specified in the values.yaml configuration file under `common.tenant`.
ENVIRONMENT	The name of the environment. For example, `Non-production`.	Container environment variable. This can be specified in the values.yaml configuration file under `common.environmentName`.
VAULT_TOKEN	The Vault token to use to connect to Vault and request certification from Vault PKI.	Container environment variable. This can be specified in the values.yaml configuration file under `common.vaultToken`.
VAULT_URL	The Vault URL to use to connect to Vault and request certification from Vault PKI.	Container environment variable. This can be specified in the values.yaml configuration file under `common.vaultUrl`.
CONFIGURE_MODE	The configure mode. Accepted values are: `Vault` for Vault configuration. `EnvVariables` for environment variables configuration. Set this value to `Vault` to use Vault configuration, and the configurations present within this reference.	Container environment variable. This can be specified in the values.yaml configuration file under `common.configureMode`.

Mandatory Vault configuration variables

These are the mandatory Vault key values that you must specify within Vault to configure the Nifi Docker container to use the Vault configuration mode.


Vault path	Description	Reference Environment Variable
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/${ENVTYPE}/dbHost`	The database host name for the environment.	${ENVTYPE}_DBHOST
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/${ENVTYPE}/dbPort`	The database port number.	${ENVTYPE}_DBPORT
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/${ENVTYPE}/dbUser`	The HCL Commerce database user name.	${ENVTYPE}_DBUSER
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/${ENVTYPE}/dbPassword`	The HCL Commerce database user password.	${ENVTYPE}_DBPASS
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/${ENVTYPE}/dbName`	The database name.	${ENVTYPE}_DBNAME
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/${ENVTYPE}/spiUserName` Note: This value is optional as of HCL Commerce 9.1.7.0.	The spiuser user name. If the value is not defined, then `spiuser` is used.	SPIUSER_NAME
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/${ENVTYPE}/adminSpiUserPwd`	The plain text spiuser user password. The ADMIN_SPIUSER_PWD must be the same value as SPIUSER_PWD but kept as plain text. To set the password in your custom Docker containers, see Setting the spiuser password in your Docker images.	ADMIN_SPIUSER_PWD
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/elasticSearchHost`	Specify an elasticSearchHost value.	ELASTICSEARCH_HOST
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/elasticSearchPort`	Specify a value if you want to set an elasticSearchPort value, instead of using the default value.	ELASTICSEARCH_PORT
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/zookeeperHost`	Specify a value if you want to set a zookeeperHost value, instead of using the default value.	ZOOKEEPER_HOST
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/redisHost`	Specify the Redis hostname that NiFi will connect to for event messages.	REDIS_HOST

Optional Vault configuration variables

These are the optional Vault key values that you can specify within Vault to configure the NiFi Docker container when used with the Vault configuration mode.


Vault path	Description	Reference Environment Variable
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/domainName`	Specify the internal service domain name. If the deployed environment is on a special namespace on Kubernetes, then the domain name should be .svc.cluster.local. If no value is specified, then the default, `default.svc.cluster.local`, is used.	DOMAIN_NAME
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/${ENVTYPE}/dbType`	The database type. Accepted values are: `db2` for IBM Db2 Database. `oracle` for Oracle Database. The default value is `db2`.	${ENVTYPE}_DBTYPE
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/${ENVTYPE}/dbSchema`	The database schema.	${ENVTYPE}_DB_SCHEMA
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/${ENVTYPE}/dbSSLEnable`	Specify whether the database connection uses SSL. Accepted values are: `true` for an SSL connection. `false` for an unencrypted connection. The default value is `false`. Note: You can also specify datasource credentials through the start up command if you do not want to retrieve the datasource values from Vault.	${ENVTYPE}_DB_SSLENABLE
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/${ENVTYPE}/dbSSLEnable`	Specify whether the database connection uses SSL. Accepted values are: `true` for an SSL connection. `false` for an unencrypted connection. The default value is `false`. Note: You can also specify datasource credentials through the start up command if you do not want to retrieve the datasource values from Vault.	DB_SSLENABLE
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/${ENVTYPE}/jdbcUrl`	Specify the database connection URL. The URL is constructed based on the database type and whether or not SSL is enabled. With SSL: `{ENVTYPE}_JDBC_URL="jdbc:db2://${ENVTYPE}_DBHOST}:{ENVTYPE}_DBPORT/{ENVTYPE}_DBNAME}:sslConnection=true;"` Without SSL: `{ENVTYPE}_JDBC_URL="jdbc:db2://${ENVTYPE}_DBHOST}:{ENVTYPE}_DBPORT/{ENVTYPE}_DBNAME}` With SSL: `{ENVTYPE}_JDBC_URL=jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST={ENVTYPE}_DBHOST)(PORT={ENVTYPE}_DBPORT))(CONNECT_DATA=(SERVICE_NAME={ENVTYPE}_DBNAME)))` Without SSL:`ENVTYPE_JDBC_URL="jdbc:oracle:thin:@"{ENVTYPE}_DBHOST:{ENVTYPE}_DBPORT/{ENVTYPE}_DBNAME`	${ENVTYPE}_JDBC_URL
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/${ENVTYPE}/jdbcDriver`	Specify a value if you want to change the default database driver location for NiFi. The default values are: /opt/nifi/nifi-current/lib/db2jcc4.jar /opt/nifi/nifi-current/lib/ojdbc8.jar	${ENVTYPE}_JDBC_DRIVER_LOCATION
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/${ENVTYPE}/jdbcDriverClass`	Specify a value if you want to change the default database driver class for NiFi. The default values are: com.ibm.db2.jcc.DB2Driver oracle.jdbc.driver.OracleDriver	${ENVTYPE}_JDBC_DRIVER_CLASSNAME
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/elasticSearchPort`	Specify a value if you want to set an elasticSearchPort value, instead of using the default value.	ELASTICSEARCH_PORT
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/elasticSearchScheme`	Specify a value if you want to set an elasticSearchScheme value, instead of using the default value.	ELASTICSEARCH_SCHEME
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/${ENVTYPE}/elasticSearchShardCount`	Specify the number of shards to store the indexes for that environment, within the Elasticsearch service. The default value is `1`.	AUTH_ELASTICSEARCH_SHARD_COUNT LIVE_ELASTICSEARCH_SHARD_COUNT
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/${ENVTYPE}/elasticSearchReplicaCount`	Specify the number of replicas for indexes for that environment, within the Elasticsearch service. The default value is `0`.	AUTH_ELASTICSEARCH_REPLICA_COUNT LIVE_ELASTICSEARCH_REPLICA_COUNT
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/zookeeperHost`	Specify a value if you want to set a zookeeperHost value, instead of using the default value.	ZOOKEEPER_HOST
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/zookeeperPort`	Specify a value if you want to set a zookeeperPort value, instead of using the default value. The default value is `2181`.	ZOOKEEPER_PORT
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/zookeeperScheme`	Specify a value if you want to set a zookeeperScheme value, instead of using the default value. The default value is `http`.	ZOOKEEPER_SCHEME
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/nifiClusterIsNode`	Specify whether the NiFi installation is a standalone installation. Accepted values are: `true` for a node in a NiFi cluster. `false` for standalone installation. The default value is `false`.	NIFI_CLUSTER_IS_NODE
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/nifiClusterNodeProtocalPort`	Specify a value for the NiFi cluster node port. The default value is `8082`.	NIFI_CLUSTER_NODE_PROTOCOL_PORT
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/nifiElectionMaxWait`	Specify a value if you want to if you want to set the maximum wait time for the NiFi election node service.	NIFI_ELECTION_MAX_WAIT
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/nifiJvmHeapInit`	Specify a value if you want to set a `nifiJvmHeapInit` value, instead of using the default value.	NIFI_JVM_HEAP_INIT
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/nifiHost`	The NiFi service host name. The default value is `nifi`.	NIFI_HOST
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/nifiPort`	The Nifi service port. The default value is `30600`.	NIFI_PORT
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/nifiScheme`	The Nifi service scheme. The default value is `http`.	NIFI_SCHEME
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/nifiWebHttpPort`	The NiFi service web HTTP port. The default value is `30600`.	NIFI_WEB_HTTP_PORT
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/${ENVTYPE}/queryHost`	The Search server host name for the Elasticsearch-based search solution. Specify a value if you want to set queryHost, instead of using the default value.	QUERY_HOST
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/${ENVTYPE}/queryPort`	The Search server port number for the Elasticsearch-based search solution. Specify a value if you want to set queryPort, instead of using the default value. The default value is `30901`.	QUERY_PORT
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/${ENVTYPE}/queryScheme`	The Search server scheme for the Elasticsearch-based search solution. Specify a value if you want to set queryScheme, instead of using the default value. The default value is `https`.	QUERY_SCHEME
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/nlpEnableLanguageCode`	The language code for the Natural Language Processing (NLP) feature. Specify a comma separated list of language codes for natural language processing. For example, `en,es`. In this example, NLP is enabled for both English and Spanish. For HCL Commerce 9.1.11.0 and greater, there is no default value. You must specify a value if you want to enable NLP. If you do not set this value, or leave it empty, NLP remains disabled. For HCL Commerce 9.1.0.0 through 9.1.10.0, the default value is set to `en`, which enables the NLP feature for the English language.	NLP_ENABLE_LANGUAGE_CODE
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/redisHost`	Specify the Redis hostname that NiFi will connect to for event messages.	REDIS_HOST
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/redisPort`	Specify the Redis port number that NiFi will connect to for event messages. The default value is `6379`.	REDIS_PORT
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/redisPasswordEncrypt`	The encrypted Redis server password.	REDIS_PASSWORD_ENCRYPT
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/enableJsonLogging`	Enable JSON logging. Accepted values are `true` to enable JSON logging. `false` to disable JSON logging. The default value is `false`.	ENABLE_JSON_LOGGING
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/indexingModel`	The indexing model for the NiFi server is optional. By default, it is set to empty. The following options are available: empty: It is applied for both CAS and eSite indexing models. CAS: Uses the CAS indexing model. eSite: Uses the eSite indexing model. Note: Ensure that the `wc.search.CASIndexModel` value for store 0 in the storeconf table is set correctly based on the indexing model. If the indexing model is empty: Both `esite` and `cas` Ingest Connectors will be created in NiFi. In this case, `wc.search.CASIndexModel` for store 0 can be set to either `true` or `false`. If the indexing model is set to `esite`: Only `esite` Ingest Connectors will be created in NiFi. The `wc.search.CASIndexModel` for store 0 must be set to `false` (default). If set to `true`, the build index will fail because `cas` Ingest Connectors are not created. If the indexing model is set to `cas`: Only `cas` Ingest Connectors will be created in NiFi. The `wc.search.CASIndexModel` for store 0 must be set to `true` (default). If set to `false`, the build index will fail because `esite` Ingest Connectors are not created.	INDEXING_MODEL