Privacera Encryption Integrations¶
Privacera Encryption integrates with various data platforms and processing tools to enable secure and centralized encryption, masking, and tokenization workflows. This document describes integration overview, when to use the REST API, File Encryption Utility (FEU), Privacera Custom Encryptor, or Connectors, and key usage recommendations for each.
Each connector (Databricks, Trino, StreamSets, etc.) has its own dedicated integration guide. Refer to those guides for specific installation and configuration instructions.
When to use which integration¶
| Integration | Description | When to use |
|---|---|---|
| REST API | Server-side encryption/decryption via HTTP. Data is sent to the PEG server. | APIs, microservices, and ad‑hoc or scripting use. Best when payloads are within recommended limits ( ≤10MB per request). |
| File Encryption Utility (FEU) | Client-side file encryptor/decryptor; PEG provides scheme information only. Supports many file types (e.g., .zip, .png, .pdf, .doc, .json, .xml, .csv, .xlsx, .mp4, .txt). | File-based workflows; large files and high concurrency. |
| Privacera Custom Encryptor | For in-process protect/unprotect; results to output stream (console). Does not write files. | In-process encryption; need to print or display results. |
| Connectors | Native UDFs or plugins (e.g., Vertica, Databricks Unity Catalog). Encryption may be client-side or via PEG Server. | When your platform has a supported connector; prefer for platform-native encryption and masking. |
Integration Categories¶
Privacera Encryption supports the following types of integrations:
Plugin-Based Integrations¶
For data platforms for which Privacera provides plugin integrations, encryption and masking can be performed directly within the platform using UDFs or native connectors.
Below are some examples of supported platforms:
- Databricks Cluster
- Open Source and Starburst Trino
- Vertica
External Function Integrations¶
For data platforms which provide external function support, encryption and masking can be performed using UDFs or external functions. These integrations typically call out to the Privacera Encryption Gateway (PEG) for encryption and decryption operations.
Below are some examples of supported platforms:
- Snowflake
- Amazon Redshift
Data Pipeline Integrations¶
For data pipeline tools, Privacera provides built-in processors or custom scripts to enable encryption and masking operations. These integrations typically use native encryption where data is encrypted locally in the client or agent.
Below are some examples of supported platforms:
- Apache Spark
- StreamSets
File-Based Integrations¶
For file-based workflows, Privacera provides a File Encryption Utility (FEU) for encrypting and decrypting files. FEU runs on the client-side; the PEG server supplies scheme information only. It supports many file types (e.g., .zip, .png, .pdf, .doc, .tar.gz, .json, .xml, .wav, .xlsx, .mp4, .csv, .txt etc.).
Discovery & DLP Integrations¶
In Privacera Discovery, policies can be configured to automatically apply encryption or masking based on classification, workflow, and compliance context.
Usage and recommendations by integration¶
REST API¶
Use the REST API when your application sends data to the PEG server over HTTP for server-side encryption or decryption. For endpoints and authentication, see PEG REST API on Privacera Self-Managed.
| Aspect | Recommendation |
|---|---|
| Payload size | Prefer up to 10MB per request. |
File Encryption Utility (FEU)¶
FEU performs encryption and decryption on the client; the PEG server only provides scheme information. This reduces server load and improves scalability.
| Aspect | Recommendation |
|---|---|
| Dataset size | Suited for large datasets (e.g., 1GB, 3GB, or more). |
| Buffer size | Use a fixed buffer size for InputStream; use the same buffer size for both encryption and decryption to get correct results. |
Privacera Custom Encryptor¶
The Privacera Custom Encryptor also runs on the client; the PEG server provides scheme information only. You configure operations in action.properties; the library displays or prints results to the output stream (console). It does not write files.
See Privacera Custom Encryptor for setup and usage.
Connectors¶
Connectors provide native integration with data platforms (e.g., Vertica, Databricks) using UDFs. Use a connector when your platform is supported for integrated, platform-native encryption and masking. Examples: Vertica, Databricks Unity Catalog.
Summary¶
| Need | Prefer |
|---|---|
| HTTP API; small to moderate payloads (≤10MB) | REST API |
| Encrypt/decrypt files; large data; high concurrency | FEU |
| In-app encrypt/decrypt (streams, no files); print or display results to console | Privacera Custom Encryptor |
| Database or platform with a PEG connector | Connectors (e.g., Vertica, Databricks) |
- Prev topic: User and Roles
- Next topic: Data Validation