Setup for File Encryption Utility¶
-
Once PEG is up and running, the necessary FEU configuration files are automatically generated at the following location on the Privacera Manager host: “${PRIVACERA_MANAGER_HOME}/output/pegv2/feu/”
-
Download the privacera-feu.zip archive, which contains the executable JAR file and the required configuration files.
-
Extract the contents of privacera-feu.zip to a local directory.
-
The crypto-config folder contains the following files:
- crypto.properties ( FEU, PEG related properties )
- privacera-file-encryption.jar ( FEU execution jar )
- privacera_version.txt ( version file )
- feu-pegv2-secrets-keystore.jks [ Optional ] ( secret file for sensitive data )
- global-truststore.p12 (SSL certificate)
-
Grant Required Permissions to the Integration User.
-
To enable proper integration with the File Encryption Utility (FEU), perform the following steps:
- Grant getScheme Permission
- Assign the getScheme permission to the user feu-integration-user by updating all default policies (i.e., policies with names ending in *-encryption-scheme-all) in the privacera_peg service.
- For FEU allow to Impersonate the Integration User
- Configure FEU to impersonate the feu-integration-user. This is required for validating protect and unprotect permissions on the encryption schemes being used.
-
Now, we are ready for FEU execution by using privacera-file-encryption.jar
- Prev topic: Prerequisites for file encryption utility
- Next topic: User Guide: Running the File Encryption Utility (FEU)