Skip to content

Encrypt Sensitive Data in Signer Request and Response Payload

If you want to encrypt sensitive data in the signer request and response payload, follow these steps:

  1. SSH into the instance where Privacera Manager is installed.
  2. Run the following command to navigate to the /config directory.
    Bash
    1
    cd ~/privacera/privacera-manager/config
  3. Run the following command to open the .yml file for editing.
    Bash
    1
    vi custom-vars/vars.emr.yml
  4. Update the following property to redact sensitive data in debug logs at the root level:
    Bash
    1
2
    # uncomment to encrypt sensitive data in spark-plugin request/response payload. Default: `false`.
EMR_SPARK_ENCRYPT_SENSITIVE_PAYLOAD_DATA_ENABLED: "true"

  5. Once the properties are configured, then generate the updated emr-template.json file by running the following command: Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh setup
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    1
2
    cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade
    Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.

    Text Only
    1
2
3
4
    ```bash
cd ~/privacera/privacera-manager
./privacera-manager.sh post-install
```

  6. After the post-install, create a new cluster using the newly generated emr-template.json file from the output directory.

Comments