Please Note:

BDT Config File

Refer to the Sample BDT Config File for details.

Global Config File Attributes

The configuration of the BDT utility is stored in JSON format in the file bdt.config. At the top of the file are several global configuration settings, followed by settings that configure the main underlying tools used by BDT:

Attribute	Default Value	Mandatory/Optional	Description
`inputDirectory`	No default	Mandatory	The path to the directory in which the input file or DB is placed.
`outputDirectory`	No default	Mandatory	The path to the directory in which the output file or DB needs to be placed.
`threadCount`	No default	Mandatory	The maximum number of running threads required to transform a file.
`batchSize`	No default	Mandatory	The total number of records in the batch.
dataProtectionConfig	No default	Mandatory (if policy is fetched from Key Manager)	Contains credential information which will be used to get centralized policy.
`characterSets`	No default	Mandatory	Contains configurable list of charset names and their range. Users can also define their own `characterSets` in the `bdt.config` file as shown below: "characterSets" : [ { "Name of CharacterSets" : [ "Range of CharacterSets" ] } ]
vts	No default	Mandatory (for tokenization and detokenization)	Contains settings to customize the behavior of the CipherTrust Vaultless Tokenization (CT-VL).
crypto	No default	Mandatory (for encryption and decryption)	Contains settings for the cryptographic provider used in this BDT configuration i.e `jce` (CADP-JCE).

Data Protection Attributes

BDT has a separate section for 'Data Protection Profile' to add its user information.
The dataProtectionConfig object contains the following settings:

Attribute	Default Value	Mandatory/Optional	Description
`@type`	No default	Mandatory	For the dataProtectionConfig, BDT supports two login methods: `password` - The user logs in using password. `user_certificate` - The user logs in using a user certificate.
`userName`	No default	Optional	(Used only when `@type` value is `password`). User name having access to batch data transformation on key manager.
`password`	No default	Optional	(Used only when `@type` value is `password`). User password having access to batch data transformation on key manager. Run `bdt -e` option to set password.
`hostName`	No default	Optional	(Used only when `@type` value is `user_certificate`). Hostname of the machine where tokenization server is running.
serverConfig	No default	Optional	(Used only when `@type` value is `user_certificate`).
clientConfig	No default	Optional	(Used only when `@type` value is `user_certificate`).

Below is the sample for @type is set to password:

"dataProtectionConfig": 
{                                               
    "@type": "password",                                         
    "username": "test_user",                                        
    "password": ""
}

Below is the sample for @type is set to user_certificate:

"dataProtectionConfig": 
{                                       
    "@type": "user_certificate",                                
    "hostName": "",                                            
    "serverConfig": 
    {                                          
        "truststore": "",                                       
        "password": "",                                         
        "verifyHostname": "true"                                
    },
    "clientConfig": 
    {                                          
        "keystore": "",                                        
        "storePassword": "",                                    
        "keyPassword": ""                                      
    },
}

Refer to Sample BDT Config File for details.

Server Configuration Attributes

Attribute	Default Value	Mandatory/Optional	Description
`truststore`	No default	Mandatory	Truststore file path, truststore should have server certificate.
`password`	No default	Mandatory	Truststore file password.
`verifyHostname`	false	Optional	Set to `true` to enable hostname verification for SSL communication, and `false` to disable hostname verification.

Client Configuration Attributes

Attribute	Default Value	Mandatory/Optional	Description
`keystore`	No default	Mandatory	Keystore file path of the client.
`storePassword`	No default	Mandatory	Keystore file password of the client.
`keyPassword`	No default	Mandatory	Key file password, usually same as keystore password.

Transformation Specific Attributes

vts Attributes

CT-VL Attributes

BDT has a separate section for the 'CT-VL Attributes'. The vts object contains the following settings:

Attribute	Default Value	Mandatory/Optional	Description
`hostName`	No default	Mandatory	Hostname of the machine where tokenization server is running.
`userName`	No default	Mandatory	The CT-VL username.
`password`	No default	Mandatory	The CT-VL password. Use the `bdt -e` option to enter encrypted value here. Do not use plaintext.
`tokenUrl`	No default	Mandatory	The CT-VL tokenize REST URL.
`detokenUrl`	No default	Mandatory	The CT-VL detokenize REST URL.
`sslConfig`	No default	Mandatory	Contains the server and client authentication configuration attributes.

Server Authentication Attributes

You must set up SSL for secure communication between the BDT utility and the CT-VL. In the vts section of bdt.config, the server object contains the following settings related to SSL authentication:

Attribute	Default Value	Mandatory/Optional	Description
`sslmode`	`DEFAULT`	Optional	One of the following values: `DEFAULT` - Trust only a standard valid certificate issued by a Certificate Authority (CA). If the certificate is expired, self-signed, or invalid, communication with the VTS server fails. `SPECIFY_SSL_CERT` - Trust standard certificates and certificates stored in the provided trust store (specified in the truststore setting). Use to accept self-signed and expired certificates. `ALLOW_ALL` - Trust all certificates; no trust policy is defined. Any kind of SSL certificate is acceptable, including valid, expired, self-signed, or any other. The truststore setting is not required.
`verifyHostname`	false	Optional	Set to `true` to enable hostname verification for SSL communication, and `false` to disable hostname verification.
`truststore`	No default	Optional	(Used only when `sslmode` is `SPECIFY_SSL_CERT`). Truststore file path. To set up the truststore: 1. Get the server's public certificate. If not available, open the VTS URL in a browser and export it from the Security option. 2. Import the certificate and create the truststore. Use the following command. It will output the truststore password. `keytool -import -alias "vts host certificate" -file server.crt -keystore server.truststore` Important: Note this password. You need to provide it in the password parameter.
`password`	No default	Optional	(Used only when `sslmode` is `SPECIFY_SSL_CERT`). Truststore file password is obtained on importing the CT-VL certificate and creating the truststore.

Client Authentication Attributes

In the vts section of bdt.config, the client object contains the following settings related to SSL authentication:

Attribute	Default Value	Mandatory/Optional	Description
`sslmode`	`DEFAULT`	Optional	One of the following values: `DEFAULT` - Client authentication is disabled. No need to send client identity. `ALLOW_ALL` - Client authentication is disabled. No need to send client identity. `SPECIFY_SSL_CERT` - Client authentication is enabled. Create keystore with client certificate and key. Set keystore path in the keystore parameter. Communication succeeds if the CT-VL server finds a valid certificate set in the keystore.
`keystore`	No default	Optional	(Used only when `sslmode` is `SPECIFY_SSL_CERT`). Client's keystore file path. This assumes a keystore has already been created; for example, using keytool.
`storepassword`	No default	Optional	(Used only when `sslmode` is `SPECIFY_SSL_CERT`). Client's keystore file password.
`keypassword`	No default	Optional	(Used only when `sslmode` is `SPECIFY_SSL_CERT`). Client's key password.

crypto Attributes

Cryptographic Provider Attributes

BDT has a separate section to configure 'Cryptographic Provider'. The crypto object contains the following settings:

Attribute	Default Value	Mandatory/Optional	Description
`@type`	jce	Optional	BDT supports the cryptographic provider `jce`. If any value is not specified, BDT will use `jce`, which is a default crypto provider.
`userName`	No default	Optional	(Used only when using default crypto provider). Key owner user name.
`password`	No default	Optional	(Used only when using default crypto provider). Key owner user password.

Suggest A Change

BDT Config File

Global Config File Attributes

Data Protection Attributes

Server Configuration Attributes

Client Configuration Attributes

Transformation Specific Attributes

CT-VL Attributes

Server Authentication Attributes

Client Authentication Attributes

Cryptographic Provider Attributes

On this page