
Troubleshooting Privacera Encryption

This section covers common issues and solutions related to Privacera Encryption installation and configuration.

Common Issues

Configuration Issues

| Issue | Solution |
|---|---|
| Encryption service not starting | Check that the encryption configuration has been properly enabled and that all required parameters are set. After updating encryption configuration, restart the service. |
| Mismatched shared secrets | Ensure that the shared secrets are consistent across all services. Check the PEG_V2_SHARED_SECRET and SCHEME_SERVER_SHARED_SECRET values. |
| Master key storage errors | Verify that the master key storage configuration is correct. Only one type of storage should be configured at a time. |

API Access Issues

| Issue | Solution |
|---|---|
| JWT token authentication failure | Verify that the user has been properly set up in both Privacera Portal and Ranger. Ensure the user has the necessary permissions. |
| API access denied | Check scheme policy permissions to ensure users have appropriate access to the required encryption functions. |
| Numeric format errors | For schemes with numeric format type and FPE algorithm, ensure numeric data passed to /protect and /unprotect is provided as a string. |

Encryption and Decryption Issues

| Issue | Solution |
|---|---|
| Cannot decrypt data | Ensure the same encryption scheme that encrypted the data is used for decryption. Check that the format, algorithm, and scope settings match. |
| Invalid format errors | Verify that the data being encrypted matches the expected format for the scheme being used. |
| Empty or null results | Check for proper handling of null or empty input in your application. |

Diagnostic Steps

  1. Check Service Status:

For Privacera Platform:

Bash
kubectl get pods | grep peg
kubectl logs <peg-pod-name>

  2. Verify Configuration:

Review encryption configuration files:

Bash
cat ~/privacera/privacera-manager/config/custom-vars/vars.peg.yml
cat ~/privacera/privacera-manager/config/custom-vars/vars.peg-master-key-storage.yml

  3. Test API Access:

Test API access using a simple curl command:

Bash
curl -X POST -H "Authorization: Bearer <jwt-token>" -H "Content-Type: application/json" \
  -d '{"scheme": "SCHEME_NAME", "data": "text_to_encrypt"}' \
  https://<host>/api/peg/v2/protect

  4. Check Scheme Policy:

Verify scheme policy permissions in the Privacera Portal: Go to Access Management > Scheme Policies > PEG > ACCESS

Additional Resources

Troubleshooting

Steps to Check if PEG is Enabled

  1. Log in to the Privacera portal.

  2. On the left side menu bar, check if the "Encryption & Masking" tab is present.

  3. If the "Encryption & Masking" tab is visible, then PEG is enabled.

Steps to check PEG Version:

  1. Check the PEG Server version (Kubernetes mode deployment):

    Bash
    kubectl exec -it <peg_server_pod_name> -n <namespace> -- bash -c "cat privacera_version.txt"
    
  2. Check the Scheme Server version (Kubernetes mode deployment):

    Bash
    kubectl exec -it <scheme_server_pod_name> -n <namespace> -- bash -c "cat privacera_version.txt"
    

Steps to Perform a PEG Health Check:

Once the update has completed, verify that the installation succeeded by checking whether the PEG server and the Scheme server are running.

The external URLs of the PEG server and the Scheme server can be obtained by running the commands below. Each URL includes the domain and port.

Bash
cd ~/privacera/privacera-manager
cat output/service-urls.txt

The -k option used in the commands below makes curl skip TLS certificate verification; omit it where the endpoint's certificate chains to a CA the client trusts.

  1. Health Check API for PEG Server

Bash
curl -k --location -g --request GET '<PEG_EXTERNAL_URL>/api/peg/healthcheck'

The following response is returned if the PEG Server is running:

Bash
Privacera Encryption Gateway(PEG) server running...!

  2. Health Check API for Scheme Server

Bash
curl -k --location -g --request GET '<SCHEME_SERVER_EXTERNAL_URL>/api/healthcheck'

The following response is returned if the Scheme Server is running:

Bash
Privacera Scheme Server running...!
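
The two health checks above can be scripted so that a reply from something other than the expected service (a proxy error page, or the wrong server behind the URL) is not mistaken for a healthy result. The script below is an added example, not part of Privacera's documentation or tooling; the function names and the CA_BUNDLE and ALLOW_INSECURE environment variables are assumptions, while the paths and expected response strings are the ones shown on this page.

```shell
#!/bin/sh
# Added example, not Privacera tooling. Paths and expected bodies are the ones on this
# page; function names, CA_BUNDLE and ALLOW_INSECURE are assumptions of this example.
PEG_EXPECTED='Privacera Encryption Gateway(PEG) server running...!'
SCHEME_EXPECTED='Privacera Scheme Server running...!'

# classify_health <peg|scheme> <curl_exit_code> <body>
# Prints a verdict; returns 0 only when the documented body came back.
classify_health() {
  case "$1" in
    peg)    want=$PEG_EXPECTED ;;
    scheme) want=$SCHEME_EXPECTED ;;
    *)      echo "unknown-service"; return 2 ;;
  esac
  if [ "$2" -ne 0 ]; then               # DNS, TLS, timeout, or HTTP >= 400 via --fail
    echo "unreachable"; return 1
  fi
  # Drop CRs and surrounding whitespace so a CRLF-terminated body still matches.
  got=$(printf '%s' "$3" | tr -d '\r' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
  if [ "$got" = "$want" ]; then
    echo "running"; return 0
  fi
  echo "unexpected-body"; return 1      # something else answered (proxy page, other service)
}

# probe <peg|scheme> <base_url>: fetch the health endpoint and classify the reply.
probe() {
  svc=$1; url=$2
  case "$svc" in
    peg) path=/api/peg/healthcheck ;;
    *)   path=/api/healthcheck ;;
  esac
  set -- -sS --fail --max-time 10
  if [ -n "${CA_BUNDLE:-}" ]; then
    set -- "$@" --cacert "$CA_BUNDLE"   # verify the server against your own CA
  elif [ "${ALLOW_INSECURE:-0}" = 1 ]; then
    set -- "$@" -k                      # same as the page's commands: no verification
  fi
  body=$(curl "$@" "$url$path" 2>/dev/null); rc=$?
  printf '%s: ' "$svc"
  classify_health "$svc" "$rc" "$body"
}

# Runs only when both URLs (from output/service-urls.txt) are exported.
if [ -n "${PEG_EXTERNAL_URL:-}" ] && [ -n "${SCHEME_SERVER_EXTERNAL_URL:-}" ]; then
  probe peg "$PEG_EXTERNAL_URL"; r1=$?
  probe scheme "$SCHEME_SERVER_EXTERNAL_URL"; r2=$?
  [ "$r1" -eq 0 ] && [ "$r2" -eq 0 ]
fi
```

Export PEG_EXTERNAL_URL and SCHEME_SERVER_EXTERNAL_URL with the values from output/service-urls.txt before running; the script exits non-zero if either server fails its check.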
