Skip to content

Preview: Encryption UDFs for Trino

These are details on how to install and configure the Privacera jar in Trino to use Privacera-supplied Encryption UDFs in Trino to encrypt or decrypt data.

These encryption UDFs are defined in the Privacera Crypto jar. You do not need to define them yourself.

Syntax of Privacera Encryption UDFs for Trino#

The Privacera Crypto jar includes the following UDFs:

  • With the quoted '<encryption_scheme_name>', the protect UDF encrypts all values of <column_name> in <table_name>:

    select protect(<column_name>, <encryption_scheme_name>) from <table_name>;
    
  • With the quoted '<encryption_scheme_name>', the unprotect UDF decrypts all values of <column_name> in <table_name>:

    select unprotect(<column_name>, <encryption_scheme_name>) from <table_name>;
    

For example usage, see Example Queries to Verify Privacera-supplied UDFs.

Prerequisites for Installing Privacera Crypto Plug-in for Trino#

The following should already be ready:

  • A fully functional installation of Trino.

  • The users who will use the UDFs have sufficient access to the pertinent tables.

Variable Values to Obtain from Privacera#

The values for these variables are used in installing the Privacera Crypto jar and referenced in these procedures:

  1. Contact your Privacera account representative or Privacera Support to obtain the value of the following variable, which is the location of the Privacera Crypto jar file for downloading:

    PRIVACERA_BASE_DOWNLOAD_URL

  2. Variables to be set in Set variables in Trino etc/crypto.properties:

    1. For the value <PrivaceraCloud_Encryption_URL> set in the privacera.peg.base.url property, in PrivaceraCloud:

      1. Go to Settings > Api Key.
      2. In the PEG section, click the “i“ (Api Key Info).
      3. Click COPY URL.
      4. Save this value.
    2. For the value PrivaceraCloud_Encryption_Username set in the privacera.peg.username property and the value PrivaceraCloud_Encryption_Password set in the privacera.peg.password property, in PrivaceraCloud:

      1. Go to Settings > Account.
      2. In the PRIVACERA ENCRYPTION section, click Edit.
      3. In the displayed Privacera Encryption Configuration popup window, copy the values of Username and Password.
      4. Save these values.

Download Privacera Crypto Jar#

Using the value of <PRIVACERA_BASE_DOWNLOAD_URL>, which you obtained from Privacera, run the following commands to download the Privacera Encryption jar:

export PRIVACERA_BASE_DOWNLOAD_URL=<PRIVACERA_BASE_DOWNLOAD_URL>
wget <PRIVACERA_BASE_DOWNLOAD_URL>/privacera-crypto-jar-with-dependencies.jar -O privacera-crypto-jar-with-dependencies.jar

Copy privacera-crypto-jar-with-dependencies.jar to the Trino directory plugin/privacera.

Set variables in Trino etc/crypto.properties#

Create a file in Trino called etc/crypto.properties and add the following to it, using the variable values you copied in Variable Values to Obtain from Privacera:

privacera.crypto.native.threadpool.size=100
privacera.peg.base.url=<PrivaceraCloud_Encryption_URL>
privacera.peg.username=<PrivaceraCloud_Encryption_Username>
privacera.peg.password=<PrivaceraCloud_Encryption_Password>
privacera.crypto.session.cache.size=1000
privacera.deployment.mode.saas=true

Restart Trino to Register the Privacera Crypto UDFs for Trino#

 # Go to Trino bin directory
 cd /<trino_installation_directory>/bin
 # Restart Trino
 ./launcher restart

Example Queries to Verify Privacera-supplied UDFs#

See the syntax detailed in Syntax of Privacera Encryption UDFs for Trino.

The following example query with the protect UDF encrypts the cleartext CUSTOMER_EMAIL column of the CUSTOMERS table using the quoted'EMAIL' encryption scheme:

select protect(CUSTOMER_EMAIL, `EMAIL`) from CUSTOMERS;

The following example query with the unprotect UDF decrypts the encrypted CUSTOMER_EMAIL column of the CUSTOMERS table using the quoted 'EMAIL' encryption scheme:

select unprotect(CUSTOMER_EMAIL, 'EMAIL') from CUSTOMERS;

Last update: April 11, 2022