Skip to main content

Privacera Documentation

Install Privacera Manager on Privacera Platform

Before installing Privacera Manager, make sure you have downloaded all of the required Privacera installation packages. For more information, see Download the Privacera Platform installation packages. You can also run pre-validation checks to test your service configurations. For more information, see Validations on Privacera Platform.

Set up your environment

  1. Copy the template configuration file sample.vars.privacera.yml to vars.privacera.yml and modify it for your specific environment.

    cd ~/privacera/privacera-manager
    cp config/sample.vars.privacera.yml config/vars.privacera.yml 
    vi config/vars.privacera.yml
  2. Edit the properties in the file.

    Property Name


    Example Values


    This is the environment name. Specify a value that includes only lowercase alphanumeric characters or dashes (-), starts and ends with an alphanumeric character, and is no longer than 63 characters.

    privacera-env; privacera-prod; privacera-1


    If the Privacera Platform has a fully qualified domain name (FQDN) assign that value, otherwise leave the property commented out.



    The hub username access credential, set to the value provided for <PRIVACERA_HUB_USER>.


    For an air-gap install, enter the username of the internal repository URL.


    The hub password access credential, set to the value assigned for <PRIVACERA_HUB_PASSWORD>.


    For an air-gap install, enter the password of the internal repository URL.


    The image tag, set to the value assigned for <PRIVACERA_IMAGE_TAG>.


    The download URL, set to the value assigned for <PRIVACERA_BASE_DOWNLOAD_URL>.


    This is the deployment size. Valid values are SMALL (default), MEDIUM and LARGE.

    For more information on CPU, memory, disk space, etc., for the deployment sizes, see Privacera Platform deployment size.


    This is applicable only for a Kubernetes environment.


Configure the deployment mode


To deploy Privacera as Docker containers, simply copy the Docker properties template into custom-vars/ folder.

cd ~/privacera/privacera-manager 
cp config/sample-vars/vars.docker.yml config/custom-vars/


  1. To use and create a Kubernetes based deployment, first copy the Kubernetes properties template into the custom-vars/ folder.

    cd ~/privacera/privacera-manager 
    cp config/sample-vars/vars.kubernetes.yml config/custom-vars/
  2. Open the YML file.

    vi config/custom-vars/vars.kubernetes.yml
  3. Edit the following properties:

    #Zones for Storage. For now, only one zone should be given
    #  - "us-east-1a"
    #Default as 1, Recommended value is 32Gi and 3 for CLUSTER SIZE
    #Default as 1, Recommended value is 32Gi and 3 for CLUSTER SIZE
    #If your storage is encrypted, then set the below property
    #K8S_PV_ENCRYPTED: "true"
    #For AWS, it is ARN with keyId. E.g. arn:aws:kms:us-east-1:<account>:key/<hash>]
    #K8S_PV_KEY: ""
    PRIVACERA_INSTALL_MODE: "kubernetes"
    #Uncomment to obtain external loadbalancer. Default values are "false"

By default, Privacera creates a service account with the name, privacera-sa. The account is bound to a namespace-level Role and RoleBinding, whose default values are privacera-sa-role and privacera-sa-role-bind respectively. If you want to change the default values of these three Kubernetes objects, click here.

For more information about configuring the service account, click here.

Configure the cloud platform

AWS Cloud Platform

  1. For an AWS cloud environment, copy the sample AWS configuration file to custom-vars/.

    cd ~/privacera/privacera-manager/config/ 
    cp sample-vars/ custom-vars/
  2. Edit the following configuration file:

    vi custom-vars/
  3. Set the property value for AWS_REGION based on where your instance will be running.

Azure Cloud Platform

  • For an Azure environment, copy the sample configuration file to custom-vars/.

    cd ~/privacera/privacera-manager/config/
    cp sample-vars/ custom-vars/

Google Cloud Platform

  1. For a Google Cloud Platform environment, copy the sample GCP configuration file to custom-vars/.

    cd ~/privacera/privacera-manager/config/ 
    cp sample-vars/vars.gcp.yml custom-vars/
  2. Edit this configuration file:

    vi custom-vars/vars.gcp.yml
  3. Set the Project ID of your GCP project, this value can be found in the Google Console.

Configure secrets in keystores

Privacera can encrypt secrets used in Privacera services, this allows passwords to be stored safely in keystores, instead of being exposed in plaintext. Note that this does not need to be configured initially to install Privacera Manager, but is necessary for security in a production environment.

Learn more on how to Enable password encryption for Privacera Platform services.

Configure SSL

To secure your connections with Privacera, you can use self-signed or CA signed certificates.

Note these configurations are not required initially to install Privacera Manager, but is necessary for security in a production environment.

Default Privacera services

The following are core services that are installed as part of Privacera Manager. Make configurations to these services as needed based on your environment, click the Configure links below to learn more.

  • Privacera Portal - This is your Privacera dashboard for data access control and policy management across multiple cloud services.

  • Apache Ranger - Apache Ranger is an open-source project for data access governance for Big Data environments.

  • MariaDB - MariaDB is an open source relational database. It is part of most cloud offerings and the default in most Linux distributions.

  • Apache Zookeeper - ZooKeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services. Configure access to a Zookeeper pod.

  • Apache Solr - Solr is an open source enterprise search platform built on Apache Lucene. Enable Solr authentication on Privacera Platform.

  • AuditServer - You can set up an AuditServer to receive audits from Privacera Plugins and Ranger Admin and send those audits to Solr and Fluentd. Configure Solr destination on Privacera Platform.

Run the Privacera Manager install script

Run the following script to install Privacera Manager. This will initiate the installation process and install all the services based on the defined configurations.

cd ~/privacera/privacera-manager 
./ update

Privacera Service URLs

You can access the services either as Docker containers or Kubernetes pods. Privacera Manager records the URIs for each of the key services. These are written to standard output and will look similar to the following:





Each service provides you with an internal and external URL. To access a Privacera service, use the external URL of the service. For example, to access Privacera Portal, copy its external URL in a browser, and log on with default username/password: 'padmin' / 'padmin'.


Reset your administrator account ('padmin') password according to your enterprise policy. This password can be changed in the Privacera Portal under "Settings: User Management". For more information, see Portal user management.

Next Steps: Configure Privacera services

Once Privacera Manager is installed you can configure the component services listed below. Each of the services has a set of default and custom configurations. The default configurations are the minimum settings required for the service to run, whereas the custom configurations are the advanced/additional settings of the service to extend its functionality.

  1. Access Manager

  2. Discovery

  3. Encryption and Masking

    Configure a service for encryption and masking: