Privacera Documentation

Privacera Platform system security

SSL

By default, Privacera creates self-signed SSL certificates for accessing the web interfaces and REST endpoints.

You have the option to supply your own self-signed or CA-signed SSL certificates.

Note

If you provide your own CA-signed certificate and rely on the Subject Alternative Name (SAN) field, be sure to specify all of your domains in the certificate's SAN field so that all necessary hostnames (such as your containers) and distributed Privacera services can communicate securely.

You should avoid using wildcards (*) in the SAN field. Wildcard certificates can create significant security risks because the same private key is used across multiple systems, thereby increasing the risk of compromise across your organization.
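One way to check a certificate against this note before supplying it, as an added example that is not part of the Privacera documentation: it audits the SAN text printed by `openssl x509 -in cert.pem -noout -ext subjectAltName` against the hostnames your deployment needs. The hostnames, the IP address and the function names are constructed for illustration.

```python
import re

# Constructed sample of the text printed by:
#   openssl x509 -in cert.pem -noout -ext subjectAltName
SAMPLE_SAN_TEXT = """X509v3 Subject Alternative Name:
    DNS:portal.example.com, DNS:ranger.example.com, DNS:*.svc.example.com, IP Address:10.0.0.12
"""


def parse_san(text):
    """Return (dns_names, ip_addresses) found in openssl's SAN text output."""
    dns = [d.lower().rstrip(".") for d in re.findall(r"DNS:([^,\s]+)", text)]
    ips = re.findall(r"IP Address:([^,\s]+)", text)
    return dns, ips


def wildcard_matches(pattern, host):
    """A '*.' entry stands for exactly one left-most label, never several."""
    if not pattern.startswith("*."):
        return False
    suffix = pattern.split(".")[1:]
    labels = host.split(".")
    return len(labels) == len(suffix) + 1 and labels[1:] == suffix


def audit_san(text, required_hosts):
    """Classify each required host: covered exactly, only by a wildcard, or missing."""
    dns, ips = parse_san(text)
    exact = {d for d in dns if "*" not in d}
    wildcards = sorted(d for d in dns if "*" in d)
    report = {"missing": [], "wildcard_only": [], "wildcards": wildcards}
    for host in required_hosts:
        h = host.lower().rstrip(".")
        if h in exact or h in ips:
            continue  # listed explicitly in the SAN field
        if any(wildcard_matches(w, h) for w in wildcards):
            report["wildcard_only"].append(host)  # works, but relies on a wildcard
        else:
            report["missing"].append(host)  # TLS hostname verification will fail
    return report


if __name__ == "__main__":
    # Constructed list of hostnames the services are reached by.
    needed = ["portal.example.com", "solr.svc.example.com", "zookeeper.internal"]
    print(audit_san(SAMPLE_SAN_TEXT, needed))
```

An empty `missing` list means every required name is present; any entry under `wildcards` or `wildcard_only` marks a name to replace with an explicit SAN entry.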

Vault

If you are using Privacera Encryption, you have the option to store the master key in an external HSM. If you intend to use an external HSM, the following are supported.

Encryption key for StorageClass

If you are deploying Privacera in Kubernetes with an encrypted StorageClass, the key that you used will be needed when you configure Privacera.