Skip to content

Setup Guide: Installing Privacera Encryption in Vertica

This guide provides detailed, step-by-step instructions to install and configure Privacera Encryption within Vertica.

Step 1: Required Files

Download the following files from the Privacera Manager output folder:

Bash
1
cd ${PRIVACERA_MANAGER_HOME}/output/pegv2/vertica

Files to download:

  • encryption_vertica.sh
  • privacera_vertica_encryption.zip

Transfer these files to the Edge Node of Vertica (or whichever node you are using for installation).

Step 2: Login to the Edge Node

SSH into the edge node of the Vertica cluster (as the dbadmin user):

Bash
1
2
ssh dbadmin@<edge-node-ip>
sudo su - dbadmin

Unzip the encryption package:

Bash
1
unzip privacera_vertica_encryption.zip -d /opt/privacera/encrypt

Make the installer script executable:

Bash
1
chmod +x encryption_vertica.sh

Step 3: (Optional) Backup Existing Installation

If you want to preserve the current configuration, run:

Bash
1
2
3
4
5
6
cd /opt/privacera/encrypt

mkdir -p backup/$(date +%F)
mv privacera-peg-vertica-udf-v2.jar backup/
mv privacera_version.txt backup/
mv config/crypto.properties backup/

Step 4: Run the Installer Script

Execute the installation script:

Bash
1
./encryption_vertica.sh

Verify that the files were copied correctly:

Bash
1
2
ls /opt/privacera/encrypt/config/crypto.properties
ls /opt/privacera/encrypt/privacera-peg-vertica-udf-v2.jar

Step 5: Sync Configs Across Nodes (Multi-node Setup)

If your Vertica setup includes multiple nodes, perform the following on each additional node:

  1. Create required directory:
Bash
1
2
sudo mkdir -p /opt/privacera/encrypt/config
sudo chown dbadmin:verticadba -R /opt/privacera/encrypt
  1. Copy the config files from the edge node:
Bash
1
2
sudo su - dbadmin
scp -r /opt/privacera/encrypt/config/* dbadmin@<other-node-ip>:/opt/privacera/encrypt/config/

Step 6: Create UDX Functions in Vertica

Login to the Vertica database:

Bash
1
/opt/vertica/bin/vsql

Run the following SQL statements:

SQL
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
CREATE SCHEMA IF NOT EXISTS PRIVACERA;

-- Set Java path for Vertica UDX
SELECT SET_CONFIG_PARAMETER('JavaBinaryForUDx','/bin/java');

-- Drop library if exists
DROP LIBRARY IF EXISTS PRIVACERA.PRIVACERA CASCADE;

-- Create UDF Library
CREATE LIBRARY PRIVACERA.PRIVACERA AS '/opt/privacera/encrypt/privacera-peg-vertica-udf-v2.jar' LANGUAGE 'Java';

-- Create UDF functions
CREATE FUNCTION PRIVACERA.PROTECT AS LANGUAGE 'Java'
  NAME 'com.privacera.vertica.protect.ProtectVarcharFactory' LIBRARY PRIVACERA.PRIVACERA;

CREATE FUNCTION PRIVACERA.UNPROTECT AS LANGUAGE 'Java'
  NAME 'com.privacera.vertica.unprotect.UnProtectVarcharFactory' LIBRARY PRIVACERA.PRIVACERA;

CREATE FUNCTION PRIVACERA.MASK AS LANGUAGE 'Java'
  NAME 'com.privacera.vertica.mask.MaskVarcharFactory' LIBRARY PRIVACERA.PRIVACERA;

CREATE FUNCTION PRIVACERA.UNPROTECT AS LANGUAGE 'Java'
  NAME 'com.privacera.vertica.unprotect.UnProtectPresentationVarcharFactory' LIBRARY PRIVACERA.PRIVACERA;

Step 7: Validate Encryption and Decryption

Warning

  • This data is fictional and used for demonstration purposes only.
  • Any resemblance to real individuals is purely coincidental.

Run the following test query to validate:

SQL
1
2
3
SELECT 
  privacera.protect('Emily_Blake@example.com', 'SYSTEM_EMAIL') AS enc_email,
  privacera.unprotect(privacera.protect('Emily_Blake@example.com', 'SYSTEM_EMAIL'), 'SYSTEM_EMAIL') AS dec_email;

You should see:

  • An encrypted email string under enc_email
  • The original email restored under dec_email