Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Administration

Transformation Process

search

Please Note:

Transformation Process

This section outlines the complete transformation process for data source types — Files and Databases. The transformation can include protect, reveal , or reprotect operation.

  • The protect operation protects the plaintext data and returns the ciphertext based on the protection policy selected in the job configuration.

  • The reveal operation returns the output based on the default reveal format configured in access policy.

  • The reprotect operation protects the plaintext data with the latest version of the protection policy and returns the ciphertext based on the protection policy selected in the job configuration.

Prerequisites

  • BDT application must be registered on the CipherTrust Manager. Refer to Quick Start for details.

  • BDT must be deployed. Refer to Quick Start for details.

  • A compatible CipherTrust Manager must be up and running. Refer to CipherTrust Manager Deployment for details.

Steps

Tip

The transformation steps provided in this example can be performed using the CipherTrust Manager UI or API playground.

  1. Create source and destination data-sources. A data source is required to specify the details of input and output data sources that are part of the transformation process. The data source can be database or file.

    To create a data source from CipherTrust Manager's UI, follow this link.

    /data-protection/data-sources

    1. Access the API playground.

    2. In the left pane of the API playground, click Data Protection.

    3. Under Data Sources, click Create. The Create section of the API playground is displayed in the right pane.

    4. In the body field, specify required parameters with their values.

      Expand schema under the body field for names and types of fields. Hover your mouse over each field to view its description. The parameter names and casing in the body field must match with those shown in the schema. Also, ensure that parameters and their values are specified in double quotes.

    5. Click POST.

  2. Create access policy. The access policies contain set of rules that govern how the protected data will be revealed to users.

    To create access policy from CipherTrust Manager's UI, follow this link.

    /data-protection/access-policies

    1. Access the API playground.

    2. In the left pane of the API playground, click Data Protection.

    3. Under Access Policies, click Create. The Create section of the API playground is displayed in the right pane.

    4. In the body field, specify required parameters with their values.

      Expand schema under the body field for names and types of fields. Hover your mouse over each field to view its description. The parameter names and casing in the body field must match with those shown in the schema. Also, ensure that parameters and their values are specified in double quotes.

    5. Click POST.

  3. Create protection policy. A protection policy defines a set of rules that govern the cryptographic operations. The protection policy includes entities such as algorithm, key, IV, access policy name, and character set.

    To create protection policy from CipherTrust Manager's UI, follow this link.

    data-protection/protection-policies

    1. Access the API playground.

    2. In the left pane of the API playground, click Data Protection.

    3. Under Protection Policies, click Create. The Create section of the API playground is displayed in the right pane.

    4. In the body field, specify required parameters with their values.

      Expand schema under the body field for names and types of fields. Hover your mouse over each field to view its description. The parameter names and casing in the body field must match with those shown in the schema. Also, ensure that parameters and their values are specified in double quotes.

    5. Click POST.

  4. Create job configuration. A job configuration is required to specify details about the data to be transformed and the destination where the transformed data will be stored.

    To create job configuration from CipherTrust Manager's UI, follow this link.

    /data-protection/bdt/job-configurations

    1. Access the API playground.

    2. In the left pane of the API playground, click Data Protection.

    3. Under BDT Job Configurations, click Create. The Create section of the API playground is displayed in the right pane.

    4. In the body field, specify required parameters with their values.

      • To protect, select operation type as protect.

      • To reveal, select operation type as reveal.

      • To reprotect, select operation type as reprotect.

      Tip

      Multiple columns can be configured in a single job configuration, and each column can be associated with different protection policies.

      Expand schema under the body field for names and types of fields. Hover your mouse over each field to view its description. The parameter names and casing in the body field must match with those shown in the schema. Also, ensure that parameters and their values are specified in double quotes.

    5. Click POST.

  5. Run job. To run a job, at least one active client must be registered with the application.

    To run a job from CipherTrust Manager's UI, follow this link.

    data-protection/bdt/job-configurations/{id}/run

    1. Access the API playground.

    2. In the left pane of the API playground, click Data Protection.

    3. Under BDT Job Configurations, click Run Job. The Create section of the API playground is displayed in the right pane.

    4. In the body field, specify required parameters with their values.

      Expand schema under the body field for names and types of fields. Hover your mouse over each field to view its description. The parameter names and casing in the body field must match with those shown in the schema. Also, ensure that parameters and their values are specified in double quotes.

    5. Click POST.

  6. Check status of the job. The job status provides the information about the various stages of jobs, total number of records processed, error messages, and so on.

    To run a job from CipherTrust Manager's UI, follow this link.

    /data-protection/jobs/{id}

    1. Access the API playground.

    2. In the left pane of the API playground, click Data Protection.

    3. Under Jobs, click get. Enter the query parameters with which you want to filter the jobs.

    4. Click GET.

Verify Results

After the job status gets completed, Check the destination data data-source for transformed data.

Note

  • For transformations, where destination is file, the output file name (provided on UI) will also contain a timestamp appended to it. For example,<output-name-as-per-ui>-2025-04-01.17.57.01.521.csv

    • For CSV file, the output file will be formatted as: <file-name>-<timestamp>.csv

    • For fixed length file, the output file will be formatted as: <file-name>-<timestamp>.txt

  • For database and file related transformation, if you have configured Unprocessed Record File Path, the unprocessed record file will be created with the following formats:

    • Database: <job_id>-<source_table>-<timestamp>.txt

    • File: <job_id>-<timestamp>.txt

On this page