Handling Single Character Encryption

The FPE (format-preserving encryption) algorithm cannot encrypt a single character (such as 'a', '8', 'ñ'), and attempting to do so results in an error. This limitation can cause issues for ETL processes, such as Databricks jobs, Streamsets pipelines reading data through Kafka or MongoDB, and FEU & Discovery processing of large files.

To address this problem, PEG can be updated to skip single characters when FPE is used and return either the original input value or an empty value after encryption/decryption. By default, skipping is enabled and the original value is returned, so a single-character value passes through unencrypted. If the return value is set to empty for encryption/decryption, the input is non-recoverable. The behavior can be changed by modifying the configuration variables in the vars.peg.yml file.

Setup

To configure the handling of single characters in FPE, you can set the following properties in the vars.peg.yml file:

Bash
cd ~/privacera/privacera-manager
vi config/custom-properties/vars.peg.yml 

Add or update the following properties:

YAML
# Configuration for single character handling in FPE
PEG_V2_NATIVE_FPE_SKIP_SINGLE_CHAR: "true"
PEG_V2_NATIVE_FPE_SINGLE_CHAR_REPLACE: "ORIGINAL"

| Property Name | Default | Description |
|---|---|---|
| PEG_V2_NATIVE_FPE_SKIP_SINGLE_CHAR | true | When the value is true, skip encryption of single characters when the algorithm is FPE. |
| PEG_V2_NATIVE_FPE_SINGLE_CHAR_REPLACE | ORIGINAL | Return value for a single character. ORIGINAL: return the input value back after encryption/decryption. EMPTY: return an empty string, which is not recoverable. |

Restart Privacera Services

Bash
cd ~/privacera/privacera-manager
./privacera-manager.sh setup
./pm_with_helm.sh upgrade 
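
The script below is an added example, not part of the Privacera documentation or product code. It audits a dataset before it is sent through FPE and counts, per column, how many single-character values would stay in cleartext (ORIGINAL), be lost (EMPTY), or raise an error (skip disabled). The sample data and column names are constructed, and treating "single character" as one Unicode code point is an assumption.

```python
import csv
import io
from collections import Counter

# Documented values of PEG_V2_NATIVE_FPE_SINGLE_CHAR_REPLACE.
REPLACE_MODES = {"ORIGINAL", "EMPTY"}


def single_char_outcome(value, skip=True, replace="ORIGINAL"):
    """Classify one input value according to the behavior described on this page.

    Assumption: a "single character" is one Unicode code point (len == 1),
    which matches the page's examples 'a', '8', 'ñ'. No normalization is done.
    """
    if replace not in REPLACE_MODES:
        raise ValueError(f"unknown replace mode: {replace!r}")
    if value == "":
        return "empty_input"   # the page does not describe this case
    if len(value) != 1:
        return "fpe"           # normal FPE path, not modelled here
    if not skip:
        return "error"         # assumption: with skip off, FPE fails as before
    return "cleartext" if replace == "ORIGINAL" else "lost"


def audit(rows, columns, skip=True, replace="ORIGINAL"):
    """Count outcomes per column for the fields that would be sent to FPE."""
    report = {col: Counter() for col in columns}
    for row in rows:
        for col in columns:
            report[col][single_char_outcome(row[col], skip, replace)] += 1
    return report


# Constructed sample data; the column names are hypothetical.
SAMPLE_CSV = """id,middle_initial,grade,surname
1,J,8,Nguyen
2,ñ,A,Li
3,Ann,B,O
4,Kay,10,Smith
"""


def load_sample():
    return list(csv.DictReader(io.StringIO(SAMPLE_CSV)))


if __name__ == "__main__":
    cols = ["middle_initial", "grade", "surname"]
    for mode in ("ORIGINAL", "EMPTY"):
        for col, counts in audit(load_sample(), cols, replace=mode).items():
            print(mode, col, dict(counts))
```

A column with a high "cleartext" count, such as a one-letter grade or initial, is effectively stored unprotected under the default setting and may need a different protection scheme.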
