Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Common Dataxform Examples

Manually Running Data Transformation on Specific Files

search

Please Note:

printsuggest an edit

Manually Running Data Transformation on Specific Files

Use the following procedure to manually execute dataxform on a specific set of files in a GuardPoint.

  1. Back up the data in the GuardPoint.

  2. If specific files are to be encrypted, create a file list.
    A file list is a text file that consists of the full path name of each file to be transformed. Enter one file path per line. If a file list is not specified, dataxform will rekey all the files in the GuardPoint.

  3. Log on to the Management Console as an administrator of type Security Administrator with Host role permissions or type All.

    Note

    Existing active GuardPoints must be unguard before running a manual data transformation.

  4. For an existing GuardPoint, unguard it. For new GuardPoints, go to the next step.

    1. Open the GuardPoint tab of the host with the GuardPoint to be transformed. The applied policies and GuardPoints of the host are displayed.

    2. Disable the GuardPoint that is currently in effect. Select the Select check box for the GuardPoint and click Disable.

    3. Confirm that the GuardPoint is unguarded:

      • For Linux and UNIX systems: execute the secfsd -status guard command repeatedly until the GuardPoint is no longer displayed.

      • For Windows systems: on the task bar, right-click the Vormetric Tray Icon and click View > File System > GuardPoints until the GuardPoint is no longer displayed.

  5. Create a dataxform policy and apply it to the now unguarded or newly created GuardPoint. The dataxform policy specifies the following:

    • Action: key_op

    • Effect: apply_key, permit

    • Key Selection Rules key: The original key currently in use. Use clear_key if unencrypted.

    • Data Transformation Rules key: The new key. Use clear_key if decrypting.

  6. Confirm that the GuardPoint is re-enabled:

    • For Linux and UNIX systems: execute the secfsd -status guard command repeatedly until the GuardPoint is displayed.

    • For Windows systems: On the task bar, right-click the Vormetric Tray Icon and click View > File System > GuardPoints until the GuardPoint is displayed.

  7. Execute the dataxform command with the desired options on the host system. For example:

    #dataxform --rekey_list --file_list dx_fileList.txt
--gp /home/apps/apps1/data --dir_recovery /root
--dir_recovery allows you to specify where dataxform status files are placed.

  8. (Optional) Monitor dataxform progress on the host system.

    # tail -f /var/log/vormetric/vordxf_path_usr.log

  9. Wait until dataxform completes.

  10. Delete the dataxform policy and replace with a production policy. Reboot the host if you cannot delete the rekey policy

    Caution

    Do not apply a policy that is configured for encryption to a directory that contains unencrypted files because, when apply_key is configured, the unencrypted files are encrypted when they are accessed. The data will be unusable if read and corrupted if saved.

On this page