Sample BDT Policy File
The following is a sample BDT policy:
{
"id" : "SqlServerSample-90643295a90sdf5", /* Transformation policy id. */
"name" : "SqlServerSample", /* Name of the policy. */
"description" : /* Description of the policy. */
"caseSensitive" : true, /* True or false. Default value is false. If set to "true", all the database objects mentioned in the policy file will be processed in the same case as input. If set to "false", all the database objects mentioned in the policy file will be automatically converted to UPPERCASE. */
"source": { /* Details of the data source. */
"@type": "CSV_FILE", /* Source type. Supports CSV_FILE, FIXED_LENGTH_FILE, ORACLE, SQL_SERVER, MYSQL, DB2, HANA. */
"filepath": "input.csv", /* The file path relative to the inputDir or outputDir path in the config file. */
"delimiter": ",", /* The character that is used to divide one column from the next in the input file. */
"qualifier": "\"", /* The character to enclose fields that contain a delimiter character. This is used when source is a file and the delimiter character is itself a part of the data to be transformed. So to tell BDT that this is not a delimiter, user can enclose input data by a qualifier and mention qualifier here in this field. */
"unescapeInput": false, /* True or false. Default value is false. If "true", delimiter and qualifier characters in input preceded by a backslash (\) are considered as normal characters and part of the input data. */
"columnCount": "5", /* Number of columns in the input file. */
"hasHeaderRow": false /* True or false. Default value is false. If "true", the utility will treat the first row as a header row. Values from this row will be treated as column names. The same column names should be mentioned in the transformation action. If "false", the utility will treat all the rows as data to be transformed. */
},
"destination": { /* Details of the data destination. */
"@type": "CSV_FILE", /* Destination type. Supports CSV_FILE, FIXED_LENGTH_FILE, ORACLE, SQL_SERVER, MYSQL, DB2, HANA. */
"filepath": "output.csv" /* The file path relative to the inputDir or outputDir path in the config file. */
},
"tables" : [ { /* List of the tables to be transformed. */
"sourceSchema" : "DEMO", /* Owner/schema name where source table belongs to, otherwise it will use default owner/schema. */
"destinationSchema" : "DEMOdes", /* Owner/schema name where destination table belongs to, otherwise it will use default owner/schema. */
"columns" : [ { /* List of the columns to be transformed. */
"name" : "FirstName", /* Name of the column. */
"action" : "ENCRYPT", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config" : [ { /* Configuration for Encryption or Tokenization operations. */
"@type" : "FPE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, TOKENIZE, DESede. */
"key" : "key1", /* Name of the encryption key. */
"characterSet" : "alphanumeric", /* Name of the charset. */
"tweak" : "010ACD5B99F3C343", /* Used for column level tweak data. */
"allowSingleCharInputs" : false, /* True or false. Default is false. Applicable to FPE and FF1 only. If true, single character inputs are passed through untransformed, but otherwise transformation continues. If false, row transformation fails for single character inputs. */
"keepleft" : 0, /* Number of characters to be preserved from left. It is applicable only if @type is FPE or FF1. */
"keepright" : 0, /* Number of characters to be preserved from right. It is applicable only if @type is FPE or FF1. */
"policyVersion": 1 /* Specifies version information of the protection policy. Applicable only for DPG initial encryption. */
} ]
} ,
{
"name" : "LastName", /* Name of the column. */
"action" : "DECRYPT", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config" : [ { /* Configuration for Encryption or Tokenization operations. */
"@type" : "AES_CBC_PAD", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, TOKENIZE, DESede. */
"key" : "key1", /* Name of the encryption key. */
"iv" : "01020304050607080102030405060708", /* Initialization Vector. It is recommended to specify random generated IV, and do not reuse any IV. */
"header": "" /* Used only when encrypting/decrypting using VAE. */
"inputEncoding" : 0, /* Encoding of Input data. */
"outputEncoding" : 0, /* Encoding of output data. */
"policyVersion": 1 /* Specifies version information of the protection policy. Applicable only for DPG initial encryption. */
} ]
} ,
{
"name" : "GENDER", /* Name of the column. */
"action" : "ENCRYPT", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config" : [ { /* Configuration for Encryption or Tokenization operations. */
"@type" : "DESede", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, TOKENIZE, DESede. */
"key" : "key1", /* Name of the encryption key. */
"iv" : "01020304050607080102030405060708", /* Initialization Vector. It is recommended to specify random generated IV, and do not reuse any IV. */
"ivSource" : "IV_Col", /* Specifes a column in the source for the IV, to allow different IVs to be used for each row. Value to be specified in hexadecimal format. If value is not valid hexadecimal, then it is treated as an ASCII string. */
"mode": "CBC", /* Used only when type is DESede. */
"inputEncoding" : 0, /* Encoding of Input data. */
"outputEncoding" : 0, /* Encoding of output data. */
"padding": "PKCS5Padding" /* Used only when type is DESede. */
} ]
} ,
{
"name" : "ContactNo", /* Name of the column. */
"action" : "REKEY", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config" : [ { /* Configuration for Encryption or Tokenization operations. */
"@type" : "FPE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, TOKENIZE, DESede. */
"key" : "key1", /* Name of the encryption key. */
"characterSet" : "alphanumeric", /* Name of the charset. */
"tweakSource" : "Col_Tweak", /* Used for column level tweak data. */
"allowSingleCharInputs" : false, /* True or false. Default is false. Applicable to FPE and FF1 only. If true, single character inputs are passed through untransformed, but otherwise transformation continues. If false, row transformation fails for single character inputs. */
"keepleft" : 0, /* Number of characters to be preserved from left. It is applicable only if @type is FPE or FF1. */
"keepright" : 0, /* Number of characters to be preserved from right. It is applicable only if @type is FPE or FF1. */
"policyVersion": 1, /* Specifies version information of the protection policy. Applicable only for DPG initial encryption. */
"action" : "DECRYPT" /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
}, {
"@type" : "FPE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, TOKENIZE, DESede. */
"key" : "key2", /* Name of the encryption key. */
"characterSet" : "alphanumeric", /* Name of the charset. */
"tweakSource" : "Col_Tweak", /* Used for column level tweak data. */
"allowSingleCharInputs" : false, /* True or false. Default is false. Applicable to FPE and FF1 only. If true, single character inputs are passed through untransformed, but otherwise transformation continues. If false, row transformation fails for single character inputs. */
"keepleft" : 0, /* Number of characters to be preserved from left. It is applicable only if @type is FPE or FF1. */
"keepright" : 0, /* Number of characters to be preserved from right. It is applicable only if @type is FPE or FF1. */
"policyVersion": 1, /* Specifies version information of the protection policy. Applicable only for DPG initial encryption. */
"action" : "ENCRYPT" /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
} ]
} ,
{
"name" : "GENDER", /* Name of the column. */
"action" : "TOKENIZE", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config" : [ { /* Configuration for Encryption or Tokenization operations. */
"@type" : "TOKENIZE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, TOKENIZE, DESede. */
"tokenGroup" : "tokengp", /* Used only when action is TOKENIZE or DETOKENIZE. */
"tokenTemplate" : "tokentemp" /* Used only when action is TOKENIZE or DETOKENIZE. */
} ]
} ,
{
"name" : "Address", /* Name of the column. */
"action" : "DETOKENIZE", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config" : [ { /* Configuration for Encryption or Tokenization operations. */
"@type" : "TOKENIZE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, TOKENIZE, DESede. */
"tokenGroup" : "tokengp", /* Used only when action is TOKENIZE or DETOKENIZE. */
"tokenTemplate" : "tokentemp" /* Used only when action is TOKENIZE or DETOKENIZE. */
} ]
},
{
"name" : "Account", /* Name of the column. */
"action" : "REKEY", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config" : [ { /* Configuration for Encryption or Tokenization operations. */
"@type" : "TOKENIZE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, TOKENIZE, DESede. */
"tokenGroup" : "group1", /* Used only when action is TOKENIZE or DETOKENIZE. */
"tokenTemplate" : "abcedf9876543210", /* Used only when action is TOKENIZE or DETOKENIZE. */
"action" : "DETOKENIZE" /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
}, {
"@type" : "TOKENIZE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, TOKENIZE, DESede. */
"tokenGroup" : "group2", /* Used only when action is TOKENIZE or DETOKENIZE. */
"tokenTemplate" : "abcedf9876543210", /* Used only when action is TOKENIZE or DETOKENIZE. */
"action" : "TOKENIZE" /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
} ]
} ],
"subset" : { /* Table-specific data filter criteria. Filter input data based on this criteria. */
"offset": 0, /* Start record index. */
"limit":5, /* Maximum number of records/rows to transform, starting from offset. */
"recurrency" : 3, /* Select every Nth record. Default is 1 (process every record). */
"orderBy" : "OrderByCol", /* Order by column, for example: column1. Not supported for file transformation. */
"order" : "ASC", /* ASC (ascending) or DESC (descending) record order. Not supported for file transformation. */
"filters" : [{ /* Subset-specific filters to be used. */
"selector" : "SelectorCol", /* Name of the column. */
"operator" : ">", /* Specifies the operator to use. */
"expression": "34" /* Expression to evaluate filter on selector using specified operator. */
}]
}
"createDestinationTable" : false, /* Create destination table if none exists. */
"sourceTable" : "demoSource", /* Source table name. For database only. */
"destinationTable" : "demoDes" /* Destination table name. For database only. */
} ],
"inPlaceUpdate" : false, /* Set to true to transform data in-place within the database (that is, in-place transformation), rather than the default behavior that creates a new destination table containing the transformed data. */
"createBadRecordFile" : true /* True or false. Default value is false. Set to "true" to create a ".failed file", otherwise set to "false". */
}
