
User Guide

Key Management Environment Configuration

There are various settings that need to be configured for any type of Key Management System (KMS) that is enabled in an Environment:

Setting: Key Management System

Select which type of Key Management System should be used. Three KMS options are available, depending on whether you are using Hadoop:

  • Hadoop (default Hadoop KMS)

  • Ionic Machina (optional KMS for use with Hadoop)

  • AWS Secrets Manager (can be used with or without Hadoop)

If None is selected, hashing rules, encryption rules, derived tokenization and HDFS Token Vault encryption are not available for this Environment.

Setting: KMS Location

Hadoop KMS URL: The URL of the Hadoop KMS (if Hadoop is selected as the KMS).

Ionic Machina Persistor Path: The path to the Ionic Machina Persistor (if Ionic Machina is selected as the KMS).

Note

For more information about setting up Ionic Machina as the KMS for the Privitar platform, see the separately provided Ionic Machina Reference Guide. (Please contact Privitar for further information about Ionic Machina integration.)

AWS Secrets Manager settings (if AWS Secrets Manager is selected as the KMS). The details required are:

  • AWS Region: set this to the AWS region of the AWS Secrets Manager you will use, for example us-west-2. The key material that drives hashing is held in that region's Secrets Manager, so every component must use the same region to produce consistent hashes. If no region is defined, the Privitar processing engine (for example POD, Hadoop nodes or the SDK) falls back to the default region resolved from its own environment, which might be subject to change.

  • AWS Endpoint: set this to the URL of the VPC endpoint used to make a private connection between your VPC and AWS Secrets Manager. When you use a VPC endpoint, communication between your VPC and Secrets Manager stays entirely within the AWS network and requires no public Internet access. For security, it is recommended that this endpoint is created. For more information, see the AWS Secrets Manager User Guide.

  • AWS KMS Key: the AWS KMS key (customer master key) that AWS Secrets Manager uses to encrypt every secret it stores, given as a key ID, key ARN or alias. It is recommended to define a customer-managed key; if none is specified, Secrets Manager falls back to the AWS-managed default key for the account (aws/secretsmanager). The key must reside in the same region as the Secrets Manager it protects. For more information, see the AWS KMS Developer Guide.
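The three AWS values above are easy to enter inconsistently: an endpoint in one region, a KMS key ARN in another, or no region at all so that each processing component resolves its own default. The following preflight check is an added example written for this page, not Privitar code; it cross-checks the region implied by each setting and, under the assumption (mine, not a statement about Privitar's algorithm) that the Hash Text rule keys its hash with a secret held in Secrets Manager, shows why a different region's secret yields different hashes. The function names, the `hash_text` sketch and the sample values are illustrative.

```python
"""Preflight consistency check for the AWS Region / AWS Endpoint / AWS KMS Key
settings.  Added example, not Privitar code.  The keyed-hash sketch is an
assumption about how a secret-keyed Hash Text rule behaves, used only to show
why region consistency matters."""
import hashlib
import hmac
import re
from urllib.parse import urlparse

# AWS region names such as us-west-2, eu-central-1 or us-gov-west-1.
REGION_RE = re.compile(r"^[a-z]{2}(-gov)?-[a-z]+-\d$")

# Regional Secrets Manager hostnames, public or interface VPC endpoint, e.g.
#   secretsmanager.us-west-2.amazonaws.com
#   vpce-0123456789abcdef0-abcd1234.secretsmanager.us-west-2.vpce.amazonaws.com
# (zonal VPC endpoint names are not handled by this check).
ENDPOINT_HOST_RE = re.compile(
    r"^(?:vpce-[0-9a-f]+-[0-9a-z]+\.)?secretsmanager\."
    r"(?P<region>[a-z0-9-]+)\.(?:vpce\.)?amazonaws\.com$"
)

# A KMS key or alias ARN carries a region; bare key IDs and alias names do not.
KEY_ARN_RE = re.compile(
    r"^arn:aws(?:-[a-z]+)?:kms:(?P<region>[a-z0-9-]+):\d{12}:(?:key|alias)/.+$"
)


def validate_kms_config(region, endpoint, kms_key):
    """Return a list of findings; an empty list means the three settings agree."""
    findings = []

    if not region:
        findings.append(
            "AWS Region not set: each processing component falls back to its own "
            "default region, which can differ and break consistent hashing")
    elif not REGION_RE.match(region):
        findings.append(f"AWS Region '{region}' is not a valid region name")

    if not endpoint:
        findings.append(
            "AWS Endpoint not set: traffic uses the public Secrets Manager "
            "endpoint; a VPC interface endpoint is recommended")
    else:
        url = urlparse(endpoint)
        if url.scheme != "https":
            findings.append(f"AWS Endpoint '{endpoint}' must use https")
        m = ENDPOINT_HOST_RE.match(url.hostname or "")
        if not m:
            findings.append(
                f"AWS Endpoint host '{url.hostname}' is not a Secrets Manager endpoint")
        elif region and m.group("region") != region:
            findings.append(
                f"AWS Endpoint is in {m.group('region')} but AWS Region is {region}")

    if not kms_key:
        findings.append(
            "AWS KMS Key not set: Secrets Manager falls back to the AWS-managed "
            "aws/secretsmanager key; a customer-managed key is recommended")
    else:
        m = KEY_ARN_RE.match(kms_key)
        if m and region and m.group("region") != region:
            findings.append(
                f"AWS KMS Key is in {m.group('region')} but AWS Region is {region}; "
                "Secrets Manager can only use a key in its own region")

    return findings


def hash_text(value, hashing_secret):
    """Sketch of a secret-keyed Hash Text rule: HMAC-SHA256 under the secret
    fetched from Secrets Manager.  A different region holds a different secret,
    so the same input hashes differently (assumption for illustration)."""
    return hmac.new(hashing_secret, value.encode("utf-8"), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    # Constructed sample values: a consistent configuration ...
    good = validate_kms_config(
        "us-west-2",
        "https://vpce-0a1b2c3d4e5f67890-abcd1234.secretsmanager.us-west-2.vpce.amazonaws.com",
        "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab",
    )
    # ... and one whose endpoint points at a different region's Secrets Manager.
    bad = validate_kms_config(
        "us-west-2", "https://secretsmanager.us-east-1.amazonaws.com", "alias/privitar-hash")
    print("consistent:", good)
    print("mismatched:", bad)
    print(hash_text("alice@example.com", b"secret-from-us-west-2")
          == hash_text("alice@example.com", b"secret-from-us-east-1"))
```

Run the module to see the mismatched endpoint reported while the consistent configuration produces no findings; the final comparison shows that two different secrets (as two regions would hold) hash the same input to different values, which is the failure mode the region note above warns about.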

Note

AWS Secrets Manager is fully supported for the Hash Text rule. Support for other Privitar rules and functions with AWS Secrets Manager has not been tested, and using them in a production environment is not recommended.