Privacera Platform

Encryption deployment specifications

These are the minimal specifications for running Privacera Encryption in production.

Hardware

    Hardware              Minimum Configuration
    Number of CPUs        32
    RAM                   32 GB
    Network bandwidth     10 Gbps

Software and server configuration

These are the specifications and configurations for Privacera Encryption software components.

Tomcat and Privacera Encryption settings

To configure Tomcat and Privacera Encryption, you must set properties in the following variable file:

  • ~/privacera/privacera-manager/config/custom-vars/vars.peg.yml

In the variable file, set the following properties:

    PEG_SERVER_TOMCAT_MAX_THREADS: "1024"
    PEG_SERVER_TOMCAT_CONNECTION_TIMEOUT: "20s"
    PEG_SERVER_TOMCAT_MAX_CONNECTIONS: "1200"
    PEG_SERVER_TOMCAT_MIN_SPARE_THREADS: "200"
    PEG_SERVER_TOMCAT_ACCEPT_COUNT: "1000"
    PRIVACERA_PEG_CONNECTIONPOOL: "500"

After setting these properties, run the Privacera Manager update (./privacera-manager.sh update from ~/privacera/privacera-manager) so that the new values are applied to the PEG deployment.

Operational specifications

These specifications relate to the operational use of Privacera Encryption.

Do not send one element per request. Batch the values to be protected or unprotected into the datalist JSON array of a single /protect or /unprotect request to the PEG REST API:

  • Minimum batch size: 2,000 elements per request.

  • Maximum recommended batch size: 15,000.

  • Maximum number of requests: 1,800.

Note

Every /protect and /unprotect call is a network round trip, so latency between the calling application and PEG adds directly to request time and reduces throughput. Keep that network path as short as possible.
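The batching rule above is easy to get wrong with naive fixed-size chunking (33,000 values cut into 15,000-element chunks leaves a 3,000-element tail; 16,000 values leaves a 1,000-element tail that is below the 2,000 minimum). The following is an added example, not Privacera's client code, showing one way to size batches evenly within the limits the page gives and to build the request bodies. It assumes only what the page states (a datalist array, the 2,000 and 15,000 element bounds, the 1,800 request ceiling); the base URL, the /protect and /unprotect path suffixes, and the Authorization header in send() are placeholders for this example.

```python
"""Plan PEG /protect and /unprotect batches within the documented limits.

Added example; not part of the Privacera documentation or product.
"""
import json
import math
import urllib.request

# Limits taken from the operational specifications above.
MIN_BATCH = 2_000
MAX_BATCH = 15_000
MAX_REQUESTS = 1_800


def plan_batches(values, min_batch=MIN_BATCH, max_batch=MAX_BATCH,
                 max_requests=MAX_REQUESTS):
    """Split `values` (any sliceable sequence) into the fewest batches that
    fit `max_batch`, sized evenly so no trailing batch is starved below
    `min_batch` when that can be avoided. Raises if the request ceiling
    would be exceeded."""
    n = len(values)
    if n == 0:
        return []
    count = math.ceil(n / max_batch)
    if count > max_requests:
        raise ValueError(
            f"{n} values need {count} requests; the limit is {max_requests}")
    base, extra = divmod(n, count)  # first `extra` batches get one more element
    if n >= min_batch and base < min_batch:
        # Only possible if min_batch > max_batch / 2; the defaults never hit this.
        raise ValueError("min_batch/max_batch combination cannot be satisfied")
    batches, start = [], 0
    for i in range(count):
        size = base + (1 if i < extra else 0)
        batches.append(values[start:start + size])
        start += size
    return batches


def build_requests(values):
    """Return one JSON-serialisable request body per batch. The page only
    specifies the `datalist` array; any other fields a deployment needs
    (for example a scheme name) must be added by the caller."""
    return [{"datalist": list(batch)} for batch in plan_batches(values)]


def send(base_url, auth_header, payload, op="protect", timeout=30):
    """POST one batch to PEG. `base_url`, the `/{op}` path suffix and the
    Authorization header value are assumptions of this example; use the
    path prefix and credential your PEG deployment expects."""
    if op not in ("protect", "unprotect"):
        raise ValueError(f"unsupported operation {op!r}")
    body = json.dumps(payload).encode()
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/{op}", data=body, method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": auth_header})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed sample input: 33,000 placeholder values.
    sample = [f"value-{i}" for i in range(33_000)]
    print([len(b) for b in plan_batches(sample)])  # three batches of 11,000
```

Because plan_batches only needs len() and slicing, you can pass a range() or a memory-mapped sequence to check a plan for millions of values without materialising them; build_requests converts each batch to a list only when the body is built.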

Installation Steps

Privacera Encryption and the Privacera Encryption Gateway (PEG) are enabled in the Privacera Manager.

Follow the instructions in the sections below to install and enable the Privacera Manager components for encryption.

Provide user access to Ranger KMS

To provide user access to the keys needed for encryption, you must create a policy in Apache Ranger KMS. To do so, follow these steps:

  1. Log in to the Ranger portal and select Access Manager > Resource Based Policies.

  2. In the KMS section, click privacera_kms.

  3. In the List of Policies: privacera_kms section, click Add New Policy.

  4. In the Create Policy screen, enter the following information to create a policy and provide access to the user:

    • Policy Name: Enter the access policy name.

    • Policy Label: Enter a label name (optional).

    • Key Name: Type a character to list the key names that already exist in Ranger KMS, then select the keys this policy covers.

    • Description: Enter a description for the policy.

    • Audit Logging: Toggle Yes or No.

  5. In the Allow Conditions section, select the following:

    • Select Role: Enter or select from existing roles.

    • Select Group: Enter or select from existing group.

    • Select User: Select an existing user, or enter a new one. This is the username the application will present to the encryption API.

    • Add Permissions: Select the permissions to grant: Create, Delete, Rollover, Set Key Material, Get, Get Keys, Get Metadata, Generate EEK, Decrypt EEK, or Select/Deselect All. Grant only what the user actually needs: Create, Delete, Rollover and Set Key Material are key-administration rights, which an application user that only protects and unprotects data should not hold, so avoid Select All for such users.

    • Delegate Admin: Select this if the user may administer this policy (edit it or delegate it further).

  6. In the same way, you can add specific users, groups or roles to Exclude from Allow Conditions, Deny Conditions, and Exclude from Deny Conditions.

  7. Click Add to save the policy.
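The same policy can be created programmatically, which makes the least-privilege point in step 5 enforceable rather than a matter of clicking the right boxes. The following is an added example, not part of the Privacera documentation: it builds the Ranger KMS policy document for an application user and refuses key-administration permissions unless they are requested explicitly. It assumes the Apache Ranger public REST API (POST /service/public/v2/api/policy with HTTP basic auth) and the internal access-type identifiers that correspond to the permission names shown in the Ranger UI; verify both against your Ranger version before relying on them.

```python
"""Build and submit a Ranger KMS policy with least-privilege checks.

Added example; not Privacera's or Apache Ranger's own code.
"""
import base64
import json
import urllib.request

# UI permission name -> Ranger KMS access-type identifier (assumed mapping;
# check it against the service definition of your Ranger install).
KMS_ACCESS_TYPES = {
    "Create": "create",
    "Delete": "delete",
    "Rollover": "rollover",
    "Set Key Material": "setkeymaterial",
    "Get": "get",
    "Get Keys": "getkeys",
    "Get Metadata": "getmetadata",
    "Generate EEK": "generateeek",
    "Decrypt EEK": "decrypteek",
}

# Permissions that change or replace key material: key administration.
ADMIN_PERMISSIONS = {"Create", "Delete", "Rollover", "Set Key Material"}


def build_kms_policy(name, key_names, permissions, users=(), groups=(), roles=(),
                     service="privacera_kms", description="", audit=True,
                     delegate_admin=False, allow_admin=False):
    """Return the policy JSON for one allow condition on the given keys.

    Raises ValueError for unknown permission names and, unless allow_admin
    is set, for key-administration permissions, so an application user
    cannot silently be given Select All."""
    unknown = set(permissions) - KMS_ACCESS_TYPES.keys()
    if unknown:
        raise ValueError(f"unknown permissions: {sorted(unknown)}")
    admin = set(permissions) & ADMIN_PERMISSIONS
    if admin and not allow_admin:
        raise ValueError(
            f"{sorted(admin)} are key-administration rights; "
            "pass allow_admin=True to grant them deliberately")
    if not (users or groups or roles):
        raise ValueError("policy must name at least one user, group or role")
    return {
        "service": service,
        "name": name,
        "description": description,
        "isEnabled": True,
        "isAuditEnabled": audit,
        # "keyname" is the resource of the Ranger KMS service definition.
        "resources": {"keyname": {"values": list(key_names),
                                  "isExcludes": False, "isRecursive": False}},
        "policyItems": [{
            "users": list(users), "groups": list(groups), "roles": list(roles),
            "accesses": [{"type": KMS_ACCESS_TYPES[p], "isAllowed": True}
                         for p in permissions],
            "delegateAdmin": delegate_admin,
        }],
    }


def post_policy(ranger_url, admin_user, admin_password, policy, timeout=30):
    """Submit the policy to Ranger's public v2 API (assumed endpoint)."""
    token = base64.b64encode(f"{admin_user}:{admin_password}".encode()).decode()
    req = urllib.request.Request(
        f"{ranger_url.rstrip('/')}/service/public/v2/api/policy",
        data=json.dumps(policy).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed sample: an application user that only encrypts/decrypts
    # with one key (key and user names are placeholders).
    policy = build_kms_policy(
        name="peg-app-pii-key", key_names=["pii_key"],
        permissions=["Generate EEK", "Decrypt EEK"], users=["peg_app"],
        description="PEG application access to pii_key")
    print(json.dumps(policy, indent=2))
```

Running the module prints the policy document; post_policy() sends it with a Ranger admin credential once you have confirmed the endpoint and access-type names for your installation.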

Provide user access for Encryption Service

To set user access for the Encryption Service in the Apache Ranger KMS, follow these steps:

  1. Log in to the Ranger portal.

  2. In the Access Manager tab, select the privacera_kms service.

  3. Click the edit button next to the all - key policy.

  4. In the Allow Conditions section, search for and select the privacera_service_discovery user in the Select User dropdown menu.

Enable telemetry data collection

By default, the collection of telemetry data about the use of the Privacera Encryption Gateway (PEG) is disabled.

To enable telemetry data collection, follow these steps:

  1. Copy the vars.peg.yml configuration file to custom-vars/:

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.peg.yml config/custom-vars/
    vi config/custom-vars/vars.peg.yml
  2. Edit the following properties in vars.peg.yml (each key must be followed by a colon and a space, as shown; otherwise YAML does not parse the line as a key-value pair). For a list of custom properties that can be configured for the Solr service, see Solr.

    PRIVACERA_PEG_SOLR_METRICS_ENABLE: "true"
    PRIVACERA_PEG_SOLR_URL: "<PLEASE_CHANGE>"
    PRIVACERA_PEG_SOLR_BASIC_AUTH_ENABLED: "<PLEASE_CHANGE>"
    PRIVACERA_PEG_SOLR_USER: "<PLEASE_CHANGE>"
    PRIVACERA_PEG_SOLR_PASSWORD: "<PLEASE_CHANGE>"
    PRIVACERA_PEG_SOLR_ZOOKEEPER_URL: "<PLEASE_CHANGE>"
    PRIVACERA_PEG_SOLR_COLLECTION: "<PLEASE_CHANGE>"
    PRIVACERA_PEG_SOLR_UPDATE_INTERVAL_SECONDS: "<PLEASE_CHANGE>"

    Because this file holds the Solr password in clear text, restrict its file permissions to the account that runs Privacera Manager.
  3. Run the Privacera Manager update:

    ./privacera-manager.sh update

    Telemetry data collection is enabled.