Privacera Platform

Enable password encryption for Privacera services

This topic covers how you can enable encryption of secrets for Privacera services such as Privacera Portal, Privacera Dataserver, Privacera Ranger, Ranger Usersync, Privacera Discovery, Ranger KMS, Crypto, PEG, and Privacera PolicySync. The passwords will be stored safely in keystores, instead of being exposed in plaintext.

By default, all sensitive data of the Privacera services is encrypted.

CLI configuration
  1. SSH to the instance where Privacera is installed.

  2. Run the following commands.

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.encrypt.secrets.yml config/custom-vars/
    vi config/custom-vars/vars.encrypt.secrets.yml
  3. In this file, set values for the following:

    Enter a password for the keystore that will hold all the secrets. e.g. Str0ngP@ssw0rd


    If you want to encrypt data of a Privacera service, you can enter the name of the property.


    To encrypt properties used by Privacera Portal:


    To encrypt properties used by Dataserver:


    To encrypt properties used by Encryption:

    #Additional properties to be encrypted for Crypto


  4. Run the following command.

    ./ update

    For a Kubernetes configuration, you also need to run the following command:

    ./ restart
  5. Check the keystores generated for the respective services.

    ls ~/privacera/privacera-manager/config/keystores
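
Because the keystore password itself is typed into `vars.encrypt.secrets.yml`, that file and the generated keystores are worth a permission check after the update. The following is an added example, not part of Privacera Manager; the function names are hypothetical, and it assumes an owner-only access policy and that keystore files sit directly inside `config/keystores`.

```shell
#!/bin/sh
# Added example, not Privacera tooling. Assumption: owner-only access
# (no group/other permission bits) is the desired policy for these files.

# Print a finding and return 1 if the path grants any group/other permission.
check_owner_only() {
    path=$1
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$path" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "FINDING: $path is accessible beyond its owner ($bits)"
        return 1
    fi
    return 0
}

# Audit the secrets vars file and every generated keystore under a
# privacera-manager directory. Returns the number of findings (0 = clean).
audit_privacera_secrets() {
    base=${1:-"$HOME/privacera/privacera-manager"}
    vars="$base/config/custom-vars/vars.encrypt.secrets.yml"
    stores="$base/config/keystores"
    findings=0

    # The vars file holds the keystore password in plaintext.
    if [ -f "$vars" ]; then
        check_owner_only "$vars" || findings=$((findings + 1))
    else
        echo "NOTE: $vars not found (encryption vars not customised)"
    fi

    if [ -d "$stores" ]; then
        check_owner_only "$stores" || findings=$((findings + 1))
        # Assumption: keystores are direct children of this directory.
        for f in "$stores"/*; do
            [ -e "$f" ] || continue   # empty directory: glob did not match
            check_owner_only "$f" || findings=$((findings + 1))
        done
    else
        echo "FINDING: $stores missing; no keystores were generated"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Source the file and call `audit_privacera_secrets` with no argument to audit the default `~/privacera/privacera-manager` path, or pass another base directory as the first argument.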