User Guide – Privacera Encryption Gateway (PEG)
Privacera Encryption Gateway (PEG) enables secure, policy-driven encryption and decryption of sensitive data across hybrid and multicloud environments. It is tightly integrated with the Privacera Platform and works seamlessly with various data platforms including Databricks, StreamSets, Trino, Redshift, and more.
PEG provides advanced field-level encryption, format-preserving encryption (FPE), tokenization, masking, and hashing—ensuring both security and data usability. It supports vaultless tokenization and strong AES encryption (128-bit and 256-bit), making it ideal for securing personally identifiable information (PII), financial records, and other regulated data.
Key Features
- Centralized Encryption Management: Define, manage, and enforce encryption schemes and policies through a unified interface within Privacera.
- Flexible Encryption Algorithms: Support for Format-Preserving Encryption (FPE), AES (Standard/256-bit), tokenization, hashing (SHA-256/SHA-512), and masking.
- Integrated Key Management: Use Privacera Vault or connect to external KMS providers like AWS KMS and Azure Key Vault to securely manage keys.
- Native Integration with Data Platforms: Out-of-the-box connectors for Databricks, StreamSets, Trino, Snowflake, Redshift, and more—with native UDF support and automated certificate provisioning.
- Policy-Driven Encryption Controls: Apply fine-grained encryption policies using Privacera's policy engine, based on user roles, data classification, or context.
- Secure REST API & CLI Support: Perform encryption, decryption, and masking through secure REST endpoints and command-line utilities.
Benefits
- Stronger Data Security: Encrypt sensitive fields at the column level—across databases, files, and streaming data—to reduce the risk of breaches.
- Regulatory Compliance: Meet data privacy and security requirements for GDPR, HIPAA, PCI DSS, and other regulations with built-in auditability.
- Operational Flexibility: Deploy with or without a cloud vault, use deterministic or non-deterministic encryption modes, and customize scheme formats.
- Data Usability with Privacy: Use FPE and selective masking to protect sensitive data without disrupting downstream systems, analytics, or workflows.
- High Performance: Native UDFs and PEG's caching mechanism reduce API roundtrips and ensure minimal performance overhead for real-time encryption.
Additional Reading
- Installation Guide: Learn how to install and configure Privacera Encryption.