Sample BDT Policy File
{
"id" : "SqlServerSample-90643295a90sdf5", /* Transformation policy id. */
"name" : "SqlServerSample", /* Name of the policy. */
"description" : /* Description of the policy. */
"caseSensitive" : true, /* True or false. Default value is false. If set to "true", all the database objects mentioned in the policy file will be processed in the same case as input. If set to "false", all the database objects mentioned in the policy file will be automatically converted to UPPERCASE. */
"trimSpaces" : true, /* True or false. Default value is false. If set to "true", it will trim initial and trailing white spaces from the data present in the column to be transformed. If set to "false", the flag is disabled, and no processing is done on the data present in the column to be transformed. */
"enableHexLiteral" : false, /* True or false. Default value is false. If set to "true", the ciphertext will be enclosed with hex literal. For example, x'<ciphertext>'. */
"source": { /* Details of the data source. */
"@type": "CSV_FILE", /* Source type. Supports CSV_FILE, FIXED_LENGTH_FILE, ORACLE, SQL_SERVER, MYSQL, DB2, HANA. */
"filepath": "input.csv", /* The file path relative to the inputDir or outputDir path in the config file. */
"delimiter": ",", /* The character that is used to divide one column from the next in the input file. */
"qualifier": "\"", /* The character to enclose fields that contain a delimiter character. This is used when source is a file and the delimiter character is itself a part of the data to be transformed. So to tell BDT that this is not a delimiter, user can enclose input data by a qualifier and mention qualifier here in this field. */
"unescapeInput": false, /* True or false. Default value is false. If "true", delimiter and qualifier characters in input preceded by a backslash (\) are considered as normal characters and part of the input data. */
"columnCount": "5", /* Number of columns in the input file. */
"hasHeaderRow": false /* True or false. Default value is false. If "true", the utility will treat the first row as a header row. Values from this row will be treated as column names. The same column names should be mentioned in the transformation action. If "false", the utility will treat all the rows as data to be transformed. */
},
"destination": { /* Details of the data destination. */
"@type": "CSV_FILE", /* Destination type. Supports CSV_FILE, FIXED_LENGTH_FILE, ORACLE, SQL_SERVER, MYSQL, DB2, HANA. */
"filepath": "output.csv" /* The file path relative to the inputDir or outputDir path in the config file. */
},
"tables" : [ { /* List of the tables to be transformed. */
"sourceSchema" : "DEMO", /* Owner/schema name where source table belongs to, otherwise it will use default owner/schema. */
"destinationSchema" : "DEMOdes", /* Owner/schema name where destination table belongs to, otherwise it will use default owner/schema. */
"columns" : [ { /* List of the columns to be transformed. */
"name" : "FirstName", /* Name of the column. */
"action" : "ENCRYPT", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config" : [ { /* Configuration for Encryption or Tokenization operations. */
"@type" : "FPE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key" : "key1", /* Name of the encryption key. */
"characterSet" : "alphanumeric", /* Name of the charset. */
"tweak" : "010ACD5B99F3C343", /* Used for column level tweak data. */
"allowSmallInputs" : false, /* True or false. Default is false. Applicable to FPE, FF1, and FPE_AES only. If true, data is passed as untransformed if effective data length is less than 2 characters for FPE and FF1, and less than 4 characters for FPE_AES. If false, transformation fails if effective data length is less than 2 characters for FPE and FF1, and less than 4 characters for FPE_AES. */
"keepleft" : 0, /* Number of characters to be preserved from left. It is applicable only if @type is FPE or FF1 or FPE_AES. */
"keepright" : 0, /* Number of characters to be preserved from right. It is applicable only if @type is FPE or FF1 or FPE_AES. */
"policyVersion": 1 /* Specifies version information of the protection policy. Applicable only for DPG initial encryption. */
} ]
} ,
{
"name" : "LastName", /* Name of the column. */
"action" : "DECRYPT", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config" : [ { /* Configuration for Encryption or Tokenization operations. */
"@type" : "AES_CBC_PAD", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key" : "key1", /* Name of the encryption key. */
"iv" : "01020304050607080102030405060708", /* Initialization Vector. It is recommended to specify random generated IV, and do not reuse any IV. */
"header": "" /* Used only when encrypting/decrypting using VAE. */
"inputEncoding" : 0, /* Encoding of Input data. */
"outputEncoding" : 0, /* Encoding of output data. */
"policyVersion": 1 /* Specifies version information of the protection policy. Applicable only for DPG initial encryption. */
} ]
} ,
{
"name" : "GENDER", /* Name of the column. */
"action" : "ENCRYPT", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config" : [ { /* Configuration for Encryption or Tokenization operations. */
"@type" : "DESede", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key" : "key1", /* Name of the encryption key. */
"iv" : "01020304050607080102030405060708", /* Initialization Vector. It is recommended to specify random generated IV, and do not reuse any IV. */
"ivSource" : "IV_Col", /* Specifes a column in the source for the IV, to allow different IVs to be used for each row. Value to be specified in hexadecimal format. If value is not valid hexadecimal, then it is treated as an ASCII string. */
"mode": "CBC", /* Used only when type is DESede. */
"inputEncoding" : 0, /* Encoding of Input data. */
"outputEncoding" : 0, /* Encoding of output data. */
"padding": "PKCS5Padding" /* Used only when type is DESede. */
} ]
} ,
{
"name" : "EmergencyContact", /* Name of the column. */
"targetColName" : " EmergencyContact _new", /* Name of the new column. */
"srcColumnAction" : "preserve", /* Source column remains preserved. */
"action" : "ENCRYPT", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config" : [ { /* Configuration for Encryption or Tokenization operations. */
"@type" : "FPE_AES", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key" : "KEY1", /* Name of the encryption key. */
"characterSet" : "alphanumeric", /* Name of the charset. */
"tweak" : "010ACD5B99F3C343", /* Used for column level tweak data. */
"tweakAlgo" : "SHA1", /* Specifies tweakAlgo. Supports SHA1/SHA256/NONE. */
"allowSmallInputs" : false, /* True or false. Default is false. Applicable to FPE, FF1, and FPE_AES only. If true, data is passed as untransformed if effective data length is less than 2 characters for FPE and FF1, and less than 4 characters for FPE_AES. If false, transformation fails if effective data length is less than 2 characters for FPE and FF1, and less than 4 characters for FPE_AES. */
"keepleft" : 2, /* Number of characters to be preserved from left. It is applicable only if @type is FPE or FF1 or FPE_AES. */
"keepright" : 3, /* Number of characters to be preserved from right. It is applicable only if @type is FPE or FF1 or FPE_AES. */
"policyVersion" : 0 /* Specifies the protection policy version information. */
} ]
},
{
"name" : "ContactNo", /* Name of the column. */
"action" : "REKEY", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config" : [ { /* Configuration for Encryption or Tokenization operations. */
"@type" : "FPE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key" : "key1", /* Name of the encryption key. */
"characterSet" : "alphanumeric", /* Name of the charset. */
"tweakSource" : "Col_Tweak", /* Used for column level tweak data. */
"allowSmallInputs" : false, /* True or false. Default is false. Applicable to FPE, FF1, and FPE_AES only. If true, data is passed as untransformed if effective data length is less than 2 characters for FPE and FF1, and less than 4 characters for FPE_AES. If false, transformation fails if effective data length is less than 2 characters for FPE and FF1, and less than 4 characters for FPE_AES. */
"keepleft" : 0, /* Number of characters to be preserved from left. It is applicable only if @type is FPE or FF1 or FPE_AES. */
"keepright" : 0, /* Number of characters to be preserved from right. It is applicable only if @type is FPE or FF1 or FPE_AES. */
"policyVersion": 1, /* Specifies version information of the protection policy. Applicable only for DPG initial encryption. */
"action" : "DECRYPT" /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
}, {
"@type" : "FPE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key" : "key2", /* Name of the encryption key. */
"characterSet" : "alphanumeric", /* Name of the charset. */
"tweakSource" : "Col_Tweak", /* Used for column level tweak data. */
"allowSmallInputs" : false, /* True or false. Default is false. Applicable to FPE, FF1, and FPE_AES only. If true, data is passed as untransformed if effective data length is less than 2 characters for FPE and FF1, and less than 4 characters for FPE_AES. If false, transformation fails if effective data length is less than 2 characters for FPE and FF1, and less than 4 characters for FPE_AES. */
"keepleft" : 0, /* Number of characters to be preserved from left. It is applicable only if @type is FPE or FF1 or FPE_AES. */
"keepright" : 0, /* Number of characters to be preserved from right. It is applicable only if @type is FPE or FF1 or FPE_AES. */
"policyVersion": 1, /* Specifies version information of the protection policy. Applicable only for DPG initial encryption. */
"action" : "ENCRYPT" /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
} ]
} ,
{
"name" : "GENDER", /* Name of the column. */
"action" : "TOKENIZE", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config" : [ { /* Configuration for Encryption or Tokenization operations. */
"@type" : "TOKENIZE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"tokenGroup" : "tokengp", /* Used only when action is TOKENIZE or DETOKENIZE. */
"tokenTemplate" : "tokentemp" /* Used only when action is TOKENIZE or DETOKENIZE. */
} ]
} ,
{
"name" : "Address", /* Name of the column. */
"action" : "DETOKENIZE", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config" : [ { /* Configuration for Encryption or Tokenization operations. */
"@type" : "TOKENIZE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"tokenGroup" : "tokengp", /* Used only when action is TOKENIZE or DETOKENIZE. */
"tokenTemplate" : "tokentemp" /* Used only when action is TOKENIZE or DETOKENIZE. */
} ]
},
{
"name" : "Account", /* Name of the column. */
"action" : "REKEY", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config" : [ { /* Configuration for Encryption or Tokenization operations. */
"@type" : "TOKENIZE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"tokenGroup" : "group1", /* Used only when action is TOKENIZE or DETOKENIZE. */
"tokenTemplate" : "abcedf9876543210", /* Used only when action is TOKENIZE or DETOKENIZE. */
"action" : "DETOKENIZE" /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
}, {
"@type" : "TOKENIZE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"tokenGroup" : "group2", /* Used only when action is TOKENIZE or DETOKENIZE. */
"tokenTemplate" : "abcedf9876543210", /* Used only when action is TOKENIZE or DETOKENIZE. */
"action" : "TOKENIZE" /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
} ]
} ],
"subset" : { /* Table-specific data filter criteria. Filter input data based on this criteria. */
"offset": 0, /* Start record index. */
"limit":5, /* Maximum number of records/rows to transform, starting from offset. */
"recurrency" : 3, /* Select every Nth record. Default is 1 (process every record). */
"orderBy" : "OrderByCol", /* Order by column, for example: column1. Not supported for file transformation. */
"order" : "ASC", /* ASC (ascending) or DESC (descending) record order. Not supported for file transformation. */
"filters" : [{ /* Subset-specific filters to be used. */
"selector" : "SelectorCol", /* Name of the column. */
"operator" : ">", /* Specifies the operator to use. */
"expression": "34" /* Expression to evaluate filter on selector using specified operator. */
}]
}
"createDestinationTable" : false, /* Create destination table if none exists. */
"sourceTable" : "demoSource", /* Source table name. For database only. */
"destinationTable" : "demoDes" /* Destination table name. For database only. */
} ],
"inPlaceUpdate" : false, /* Set to true to transform data in-place within the database (that is, in-place transformation), rather than the default behavior that creates a new destination table containing the transformed data. */
"createBadRecordFile" : true /* True or false. Default value is false. Set to "true" to create a ".failed file", otherwise set to "false". */
}{
"id": "FPE_transformation_encryption", /* Transformation policy id. */
"name": "FPE_transformation_encryption", /* Name of the policy. */
"createBadRecordFile": true, /* True or false. Set to true to create a file with .failed extension, otherwise set to false. */
"source": { /* Details of the data source. */
"@type": "CSV_FILE", /* Source type. Supports CSV_FILE, FIXED_LENGTH_FILE, ORACLE, SQL_SERVER, MYSQL, DB2, HANA. */
"filepath": "input.csv", /* The file path relative to the inputDir or outputDir path in the config file. */
"delimiter": ",", /* The character that is used to divide one column from the next in the input file. */
"qualifier": "\"", /* The character to enclose fields that contain a delimiter character. This is used when source is a file and the delimiter character is itself a part of the data to be transformed. So to tell BDT that this is not a delimiter, user can enclose input data by a qualifier and mention qualifier here in this field. */
"unescapeInput": "true", /* True or false. Default value is false. If "true", delimiter and qualifier characters in input preceded by a backslash (\) are considered as normal characters and part of the input data. */
"columnCount": "12", /* Number of columns in the input file. */
"hasHeaderRow": true /* True or false. Default value is false. If "true", the utility will treat the first row as a header row. Values from this row will be treated as column names. The same column names should be mentioned in the transformation action. If "false", the utility will treat all the rows as data to be transformed. */
},
"destination": { /* Details of the data destination. */
"@type": "CSV_FILE", /* Destination type. Supports CSV_FILE, FIXED_LENGTH_FILE, ORACLE, SQL_SERVER, MYSQL, DB2, HANA. */
"filepath": "output.csv" /* The file path relative to the inputDir or outputDir path in the config file. */
},
"tables": [ /* List of the tables to be transformed. */
{
"columns": [ /* List of the columns to be transformed. */
{
"name": "latitude", /* Name of the column. */
"action": "ENCRYPT", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config": [ /* Configuration for Encryption or Tokenization operations. */
{
"@type": "FPE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key": "bdt_key", /* Name of the encryption key. */
"tweak": "1ABD0EAB12F34560", /* Used for column level tweak data. */
"characterSet": "digits", /* Name of the charset. */
"policyVersion": 1 /* Specifies version information of the protection policy. Applicable only for DPG initial encryption. */
}
]
}
]
}
]
}{
"id": "FPE_transformation_encryption", /* Transformation policy id. */
"name": "FPE_transformation_encryption", /* Name of the policy. */
"createBadRecordFile": true, /* True or false. Set to true to create a file with .failed extension, otherwise set to false. */
"source": { /* Details of the data source. */
"@type": "CSV_FILE", /* Source type. Supports CSV_FILE, FIXED_LENGTH_FILE, ORACLE, SQL_SERVER, MYSQL, DB2, HANA. */
"filepath": "input.csv", /* The file path relative to the inputDir or outputDir path in the config file. */
"delimiter": ",", /* The character that is used to divide one column from the next in the input file. */
"qualifier": "\"", /* The character to enclose fields that contain a delimiter character. This is used when source is a file and the delimiter character is itself a part of the data to be transformed. So to tell BDT that this is not a delimiter, user can enclose input data by a qualifier and mention qualifier here in this field. */
"unescapeInput": "true", /* True or false. Default value is false. If "true", delimiter and qualifier characters in input preceded by a backslash (\) are considered as normal characters and part of the input data. */
"columnCount": "12", /* Number of columns in the input file. */
"hasHeaderRow": true /* True or false. Default value is false. If "true", the utility will treat the first row as a header row. Values from this row will be treated as column names. The same column names should be mentioned in the transformation action. If "false", the utility will treat all the rows as data to be transformed. */
},
"destination": { /* Details of the data destination. */
"@type": "CSV_FILE", /* Destination type. Supports CSV_FILE, FIXED_LENGTH_FILE, ORACLE, SQL_SERVER, MYSQL, DB2, HANA. */
"filepath": "output.csv" /* The file path relative to the inputDir or outputDir path in the config file. */
},
"tables": [ /* List of the tables to be transformed. */
{
"columns": [ /* List of the columns to be transformed. */
{
"name": "latitude", /* Name of the column. */
"action": "ENCRYPT", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config": [ /* Configuration for Encryption or Tokenization operations. */
{
"@type": "FPE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key": "bdt_key", /* Name of the encryption key. */
"tweak": "1ABD0EAB12F34560", /* Used for column level tweak data. */
"characterSet": "digits" /* Name of the charset. */
}
]
}
]
}
]
}{
"id": "FPE_transformation_decryption", /* Transformation policy id. */
"name": "FPE_transformation_decryption", /* Name of the policy. */
"createBadRecordFile": true, /* True or false. Set to true to create a file with .failed extension, otherwise set to false. */
"caseSensitive":false /* True or false. Default value is false. If set to "true", all the database objects mentioned in the policy file will be processed in the same case as input. If set to "false", all the database objects mentioned in the policy file will be automatically converted to UPPERCASE. */
"source":{ /* Details of the data source. */
"@type":"ORACLE", /* Source type. Supports CSV_FILE, FIXED_LENGTH_FILE, ORACLE, SQL_SERVER, MYSQL, DB2, HANA. */
"connectionurl":"jdbc:oracle:thin:@//localhost:1521/XE", /* Database connection URL. */
"username":"admin", /* Database username. */
"password":"", /* Database password. */
"driverclass":"oracle.jdbc.driver.OracleDriver" /* DBC connection driver class. */
},
"destination":{ /* Details of the data destination. */
"@type":"SQL_SERVER", /* Destination type. Supports CSV_FILE, FIXED_LENGTH_FILE, ORACLE, SQL_SERVER, MYSQL, DB2, HANA. */
"connectionurl":"jdbc:sqlserver://localhost;databaseName=db", /* Database connection URL. */
"username":"admin", /* Database username. */
"password":"", /* Database password. */
"driverclass":"com.microsoft.sqlserver.jdbc.SQLServerDriver" /* DBC connection driver class. */
},
"tables": [ /* List of the tables to be transformed. */
{
"columns": [ /* List of the columns to be transformed. */
{
"name": "latitude", /* Name of the column. */
"action": "DECRYPT", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config": [ /* Configuration for Encryption or Tokenization operations. */
{
"@type": "FPE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key": "bdt_key", /* Name of the encryption key. */
"tweakSource": "col_tweak", /* Used for column level tweak data. */
"characterSet": "digits", /* Name of the charset. */
"keepleft" : 0, /* Number of characters to be preserved from left. It is applicable only if @type is FPE or FF1 or FPE_AES. */
"keepright" : 0, /* Number of characters to be preserved from right. It is applicable only if @type is FPE or FF1 or FPE_AES. */
}
]
}
],
"subset" : { /* Table-specific data filter criteria. Filter input data based on this criteria. */
"offset": 0, /* Start record index. */
"limit":5, /* Maximum number of records/rows to transform, starting from offset. */
"recurrency" : 3, /* Select every Nth record. Default is 1 (process every record). */
"orderBy" : "OrderByCol", /* Order by column, for example: column1. Not supported for file transformation. */
"order" : "ASC", /* ASC (ascending) or DESC (descending) record order. Not supported for file transformation. */
"filters" : [{ /* Subset-specific filters to be used. */
"selector" : "SelectorCol", /* Name of the column. */
"operator" : ">", /* Specifies the operator to use. */
"expression": "34" /* Expression to evaluate filter on selector using specified operator. */
}]
},
"sourceTable":"employee", /* Source table name. For database only.*/
"destinationTable":"employee" /* Destination table name. For database only.*/
}
]
}{
"id": "rekey_encryption_rekey", /* Transformation policy id. */
"name": "rekey_encryption_rekey", /* Name of the policy. */
"createBadRecordFile": true, /* True or false. Set to true to create a file with .failed extension, otherwise set to false. */
"source": { /* Details of the data source. */
"@type": "CSV_FILE", /* Source type. Supports CSV_FILE, FIXED_LENGTH_FILE, ORACLE, SQL_SERVER, MYSQL, DB2, HANA. */
"filepath": "input.csv", /* The file path relative to the inputDir or outputDir path in the config file. */
"delimiter": ",", /* The character that is used to divide one column from the next in the input file. */
"qualifier": "\"", /* The character to enclose fields that contain a delimiter character. This is used when source is a file and the delimiter character is itself a part of the data to be transformed. So to tell BDT that this is not a delimiter, user can enclose input data by a qualifier and mention qualifier here in this field. */
"unescapeInput": true, /* True or false. Default value is false. If "true", delimiter and qualifier characters in input preceded by a backslash (\) are considered as normal characters and part of the input data. */
"columnCount": 4, /* Number of columns in the input file. */
"hasHeaderRow": true /* True or false. Default value is false. If "true", the utility will treat the first row as a header row. Values from this row will be treated as column names. The same column names should be mentioned in the transformation action. If "false", the utility will treat all the rows as data to be transformed. */
},
"destination": { /* Details of the data destination. */
"@type": "CSV_FILE", /* Destination type. Supports CSV_FILE, FIXED_LENGTH_FILE, ORACLE, SQL_SERVER, MYSQL, DB2, HANA. */
"filepath": "output.csv" /* The file path relative to the inputDir or outputDir path in the config file. */
},
"tables": [ /* List of the tables to be transformed. */
{
"columns": [ /* List of the columns to be transformed. */
{
"name": "name", /* Name of the column. */
"action": "REKEY", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config": [ /* Configuration for Encryption or Tokenization operations. */
{
"@type": "AES_CBC_PAD", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key": "bdt_key", /* Name of the encryption key. */
"action": "DECRYPT", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"iv": "1ABD0EAB12F345601ABD0EAB12F34560" /* Initialization Vector. It is recommended to specify random generated IV, and do not reuse any IV. */
},
{
"@type": "AES_CTR", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key": "rekeyUsecase", /* Name of the encryption key. */
"action": "ENCRYPT", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"iv": "1ABD0EAB12F345601ABD0EAB12F34560" /* Initialization Vector. It is recommended to specify random generated IV, and do not reuse any IV. */
}
]
}
]
}
]
}{
"id":"FileSample-b004f83efaa", /* Transformation policy id. */
"name":"FileSample", /* Name of the policy. */
"createBadRecordFile":true, /* True or false. Default value is false. Set to "true" to create a ".failed file", otherwise set to "false". */
"caseSensitive":true, /* True or false. Default value is false. If set to "true", all the database objects mentioned in the policy file will be processed in the same case as input. If set to "false", all the database objects mentioned in the policy file will be automatically converted to UPPERCASE. */
"source":{ /* Details of the data source. */
"@type":"CSV_FILE", /* Source type. Supports CSV_FILE. */
"filepath":"input.csv", /* The file path relative to the inputDir or outputDir path in the config file. */
"delimiter":",", /* The character that is used to divide one column from the next in the input file. */
"qualifier":"\"", /* The character to enclose fields that contain a delimiter character. This is used when source is a file and the delimiter character is itself a part of the data to be transformed. So to tell BDT that this is not a delimiter, user can enclose input data by a qualifier and mention qualifier here in this field. */
"unescapeInput":true, /* True or false. Default value is false. If "true", delimiter and qualifier characters in input preceded by a backslash (\) are considered as normal characters and part of the input data. */
"columnCount":"14", /* Number of columns in the input file. */
"hasHeaderRow":true /* True or false. Default value is false. If "true", the utility will treat the first row as a header row. Values from this row will be treated as column names. The same column names should be mentioned in the transformation action. If "false", the utility will treat all the rows as data to be transformed. */
},
"destination":{ /* Details of the data destination. */
"@type":"CSV_FILE", /* Destination type. Supports CSV_FILE. */
"filepath":"output.csv" /* The file path relative to the inputDir or outputDir path in the config file. */
},
"tables":[ /* List of the tables to be transformed. */
{
"columns":[ /* List of the columns to be transformed. */
{
"name":"column1", /* Name of the column. */
"targetColName":"newcolumn1", /* New column containing encrypted data. */
"srcColumnAction":"preserve", /* Source column remains preserved. */
"action":"ENCRYPT", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, REKEY. */
"config":[ /* Configuration for crypto operations. */
{
"@type":"AES_CBC_PAD", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key":"bdt-key", /* Name of the key. */
"tweak":"010ACD5B99F3C343", /* Used for column level tweak data. */
"characterSet":"digits", /* Name of the charset. */
"iv":"DB1BE0FEC759E2FFE828D8053D955FF9" /* Initialization Vector. It is recommended to specify random generated IV, and do not reuse any IV. */
}
]
},
{
"name":"column2", /* Name of the column. */
"targetColName":"newcolumn2", /* New column containing decrypted data. */
"srcColumnAction":"empty", /* Source column is emptied. */
"action":"DECRYPT", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, REKEY. */
"config":[ /* Configuration for crypto operations. */
{
"@type":"AES_CBC_PAD", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key":"bdt-key", /* Name of the key. */
"tweak":"010ACD5B99F3C343", /* Used for column level tweak data. */
"characterSet":"digits", /* Name of the charset. */
"iv":"DB1BE0FEC759E2FFE828D8053D955FF9" /* Initialization Vector. It is recommended to specify random generated IV, and do not reuse any IV. */
}
]
},
{
"name":"column3", /* Name of the column. */
"targetColName":"newcolumn3", /* New column containing rekeyed data. */
"srcColumnAction":"remove", /* Source column is removed. */
"action":"REKEY", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, REKEY. */
"config":[ /* Configuration for crypto operations. */
{
"@type":"AES_CBC_PAD", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key":"bdt-key", /* Name of the key. */
"tweak":"010ACD5B99F3C343", /* Used for column level tweak data. */
"characterSet":"digits", /* Name of the charset. */
"iv":"DB1BE0FEC759E2FFE828D8053D955FF9", /* Initialization Vector. It is recommended to specify random generated IV, and do not reuse any IV. */
"action":"DECRYPT" /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, REKEY. */
},
{
"@type":"AES_CBC_PAD", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key":"bdt-rekey", /* Name of the key. */
"tweak":"010ACD5B99F3C343", /* Used for column level tweak data. */
"characterSet":"digits", /* Name of the charset. */
"iv":"DB1BE0FEC759E2FFE828D8053D955FF9", /* Initialization Vector. It is recommended to specify random generated IV, and do not reuse any IV. */
"action":"ENCRYPT" /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, REKEY. */
}
]
}
]
}
]
}{
"id":"FixedLengthFileSample-5ec94388", /* Transformation policy id. */
"name":"FixedLengthFileSample", /* Name of the policy. */
"createBadRecordFile":true, /* True or false. Default value is false. Set to "true" to create a ".failed file", otherwise set to "false". */
"source":{ /* Details of the data source. */
"@type":"FIXED_LENGTH_FILE", /* Source type. Supports FIXED_LENGTH_FILE. */
"filepath":"input.txt", /* The file path relative to the inputDir or outputDir path in the config file. */
"lineSeparator":true, /* Separate the line. */
"hasHeaderRow":true, /* True or false. Default value is false. If "true", the utility will treat the first row as a header row. Values from this row will be treated as column names. The same column names should be mentioned in the transformation action. If "false", the utility will treat all the rows as data to be transformed. */
"columnCount":3, /* Number of columns in the input file. */
"recordLength":30, /* Length of the record. */
"columnPositions":[ /* Positions of the column. */
{
"column":0, /* Index of the column. */
"startIndex":0, /* The start index of the column. */
"endIndex":10 /* The end index of the column. */
},
{
"column":1, /* Index of the column. */
"startIndex":10, /* The start index of the column. */
"endIndex":20 /* The end index of the column. */
},
{
"column":2, /* Index of the column. */
"startIndex":20, /* The start index of the column. */
"endIndex":30 /* The end index of the column. */
}
]
},
"destination":{ /* Details of the data destination. */
"@type":"FIXED_LENGTH_FILE", /* Destination type. Supports FIXED_LENGTH_FILE. */
"filepath":"output.txt" /* The file path relative to the inputDir or outputDir path in the config file. */
},
"tables":[ /* List of the tables to be transformed. */
{
"columns":[ /* List of the columns to be transformed. */
{
"name":"column1", /* Name of the column. */
"targetColName":"name1", /* Name of the target column. */
"srcColumnAction":"preserve", /* Source column remains preserved. */
"targetColLength":10, /* The column length of targetColName. */
"action":"ENCRYPT", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, REKEY. */
"config":[ /* Configuration for crypto operations. */
{
"@type":"FPE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key":"bdt-key", /* Name of the key. */
"tweak":"auto", /* Used for column level tweak data. */
"characterSet":"alphanumeric" /* Name of the charset. */
}
]
},
{
"name":"column2", /* Name of the column. */
"targetColName":"name2", /* Name of the target column. */
"srcColumnAction":"empty", /* Source column is emptied. */
"targetColLength":10, /* The column length of targetColName. */
"action":"DECRYPT", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, REKEY. */
"config":[ /* Configuration for crypto operations. */
{
"@type":"FPE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key":"bdt-key", /* Name of the key. */
"tweak":"auto", /* Used for column level tweak data. */
"characterSet":"alphanumeric" /* Name of the charset. */
}
]
},
{
"name":"column3", /* Name of the column. */
"targetColName":"newcolumn3", /* Name of the target column. */
"srcColumnAction":"remove", /* Source column is removed. */
"targetColLength":10, /* The column length of targetColName. */
"action":"REKEY", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, REKEY. */
"config":[ /* Configuration for crypto operations. */
{
"@type":"FPE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key":"bdt-key", /* Name of the key. */
"tweak":"auto", /* Used for column level tweak data. */
"characterSet":"alphanumeric", /* Name of the charset. */
"action":"DECRYPT" /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, REKEY. */
},
{
"@type":"FPE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key":"bdt-key1", /* Name of the key. */
"tweak":"auto", /* Used for column level tweak data. */
"characterSet":"alphanumeric", /* Name of the charset. */
"action":"ENCRYPT" /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, REKEY. */
}
]
}
]
}
]
}{
"id": "OracleToSqlServerSample-90643295a90sdf5", /* Transformation policy id. */
"name": "OracleToSqlServerSample", /* Name of the policy. */
"source": { /* Defines details of data input. */
"@type": "MYSQL", /* Specifies the database type. */
"connectionurl": "jdbc:mysql://localhost:3306/my_db", /* Database connection URL. */
"username": "root", /* Database username. */
"password": "", /* Database password. */
"driverclass": "com.mysql.cj.jdbc.Driver" /* DBC connection driver class. */
},
"destination": { /* Defines details of data output. */
"@type": "MYSQL", /* Specifies the database type. */
"connectionurl": "jdbc:mysql://localhost:3306/my_db", /* Database connection URL. */
"username": "root", /* Database username. */
"password": "", /* Database password. */
"driverclass": "com.mysql.cj.jdbc.Driver" /* DBC connection driver class. */
},
"tables": [ /* List of the tables to be transformed. */
{
"columns": [ /* List of the columns to be transformed. */
{
"name": "Age", /* Name of the column. */
"targetColName": "NewAge", /* Name of the new column. */
"srcColumnAction": "preserve", /* Source column action. */
"action": "ENCRYPT", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, REKEY. */
"config": [ /* Configuration for crypto operations. */
{
"@type": "AES_CBC_PAD", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key": "tes_key", /* Name of the key. */
"iv": "1ABD0EAB12F345601ABD0EAB12F34560" /* Initialization Vector. */
}
]
},
{
"name": "Name", /* Name of the column. */
"targetColName": "NewName", /* Name of the new column. */
"srcColumnAction": "remove", /* Source column action. */
"action": "ENCRYPT", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, REKEY. */
"config": [ /* Configuration for crypto operations. */
{
"@type": "AES_CBC_PAD", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key": "tes_key", /* Name of the key. */
"iv": "1ABD0EAB12F345601ABD0EAB12F34560" /* Initialization Vector. */
}
]
},
{
"name": "Sub", /* Name of the column. */
"targetColName": "NewSub", /* Name of the new column. */
"srcColumnAction": "empty", /* Source column action. */
"action": "ENCRYPT", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, REKEY. */
"config": [ /* Configuration for crypto operations. */
{
"@type": "AES_CBC_PAD", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key": "tes_key", /* Name of the key. */
"iv": "1ABD0EAB12F345601ABD0EAB12F34560" /* Initialization Vector. */
}
]
},
{
"name": "Add", /* Name of the column. */
"targetColName": "NewAdd", /* Name of the new column. */
"action": "ENCRYPT", /* Source column action. */
"config": [ /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, REKEY. */
{
"@type": "AES_CBC_PAD", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key": "tes_key", /* Name of the key. */
"iv": "1ABD0EAB12F345601ABD0EAB12F34560" /* Initialization Vector. */
}
]
}
],
"sourceTable": "demo33" /* Source table name. */
}
],
"inPlaceUpdate": true /* Transform data in-place within the database. */
}{
"id": "Tokenization_transformation_encryption", /* Transformation policy id. */
"name": "Tokenization_transformation_encryption", /* Name of the policy. */
"createBadRecordFile": true, /* True or false. Set to true to create a file with .failed extension, otherwise set to false. */
"source": { /* Details of the data source. */
"@type": "CSV_FILE", /* Source type. Supports CSV_FILE, FIXED_LENGTH_FILE, ORACLE, SQL_SERVER, MYSQL, DB2, HANA. */
"filepath": "basic_input.csv", /* The file path relative to the inputDir or outputDir path in the config file. */
"delimiter": ",", /* The character that is used to divide one column from the next in the input file. */
"qualifier": "\"", /* The character to enclose fields that contain a delimiter character. This is used when source is a file and the delimiter character is itself a part of the data to be transformed. So to tell BDT that this is not a delimiter, user can enclose input data by a qualifier and mention qualifier here in this field. */
"unescapeInput": "true", /* True or false. Default value is false. If "true", delimiter and qualifier characters in input preceded by a backslash (\) are considered as normal characters and part of the input data. */
"columnCount": "12", /* Number of columns in the input file. */
"hasHeaderRow": true /* True or false. Default value is false. If "true", the utility will treat the first row as a header row. Values from this row will be treated as column names. The same column names should be mentioned in the transformation action. If "false", the utility will treat all the rows as data to be transformed. */
},
"destination": { /* Details of the data destination. */
"@type": "CSV_FILE", /* Destination type. Supports CSV_FILE, FIXED_LENGTH_FILE, ORACLE, SQL_SERVER, MYSQL, DB2, HANA. */
"filepath": "output.csv" /* The file path relative to the inputDir or outputDir path in the config file. */
},
"tables": [ /* List of the tables to be transformed. */
{
"columns": [ /* List of the columns to be transformed. */
{
"name": "latitude", /* Name of the column. */
"action": "TOKENIZE", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config": [ /* Configuration for Encryption or Tokenization operations. */
{
"@type": "TOKENIZE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key": "test_bdt", /* Name of the encryption key. */
"tokenGroup": "bdt_token_group", /* Name of the token group as defined in VTS. */
"tokenTemplate": "BDT_FPE" /* Name of the token template as defined in VTS. */
}
]
}
]
}
]
}{
"id": "Tokenization_transformation_decryption", /* Transformation policy id. */
"name": "Tokenization_transformation_decryption", /* Name of the policy. */
"createBadRecordFile": true, /* True or false. Set to true to create a file with .failed extension, otherwise set to false. */
"source": { /* Details of the data source. */
"@type": "CSV_FILE", /* Source type. Supports CSV_FILE, FIXED_LENGTH_FILE, ORACLE, SQL_SERVER, MYSQL, DB2, HANA. */
"filepath": "input.csv", /* The file path relative to the inputDir or outputDir path in the config file. */
"delimiter": ",", /* The character that is used to divide one column from the next in the input file. */
"qualifier": "\"", /* The character to enclose fields that contain a delimiter character. This is used when source is a file and the delimiter character is itself a part of the data to be transformed. So to tell BDT that this is not a delimiter, user can enclose input data by a qualifier and mention qualifier here in this field. */
"unescapeInput": "true", /* True or false. Default value is false. If "true", delimiter and qualifier characters in input preceded by a backslash (\) are considered as normal characters and part of the input data. */
"columnCount": "12", /* Number of columns in the input file. */
"hasHeaderRow": true /* True or false. Default value is false. If "true", the utility will treat the first row as a header row. Values from this row will be treated as column names. The same column names should be mentioned in the transformation action. If "false", the utility will treat all the rows as data to be transformed. */
},
"destination": { /* Details of the data destination. */
"@type": "CSV_FILE", /* Destination type. Supports CSV_FILE, FIXED_LENGTH_FILE, ORACLE, SQL_SERVER, MYSQL, DB2, HANA. */
"filepath": "output.csv" /* The file path relative to the inputDir or outputDir path in the config file. */
},
"tables": [ /* List of the tables to be transformed. */
{
"columns": [ /* List of the columns to be transformed. */
{
"name": "latitude", /* Name of the column. */
"action": "DETOKENIZE", /* Specifies the action to be taken. Supports ENCRYPT, DECRYPT, TOKENIZE, DETOKENIZE, REKEY. */
"config": [ /* Configuration for Encryption or Tokenization operations. */
{
"@type": "TOKENIZE", /* Config type. Supports AES_CBC_PAD, AES_CTR, FPE, FF1, FPE_AES, TOKENIZE, DESede. */
"key": "test_bdt", /* Name of the encryption key. */
"tokenGroup": "bdt_token_group", /* Name of the token group as defined in VTS. */
"tokenTemplate": "BDT_FPE" /* Name of the token template as defined in VTS. */
}
]
}
]
}
]
}
