Decryption using Data transformation with CTE for Kubernetes
Guard Policy data can be unencrypted using Data Transformation.
The steps are same as with the section Applying Data Transformation Rotation for CTE for Kubernetes, except for policy creation which requires specific key rules for decryption.
Create policies for decryption with required keys on CipherTrust Manager
-
Create new policies (Data Transformation standard policy and Production policy) with required key rules.
- Alternatively, clone the original policies that you used to encrypt the data.
-
Update the key rules for both of the policies by editing the Key Rule, and the Data Transformation Rule, and changing the Current Key Name and Transformation Key Name to
clear_key
.For Example:
If Guard Policy data is encrypted with Key2:
Data Transformation clone/new policy key rule update:
Key Rules (Current Key Name): Key2 Data Transformation Rules(Transformation Key Name): Clear_key
Production clone/new policy key rule update:
Key Rules(Key Name): Clear_key
-
Save and apply the policies.