Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Data Transformation Examples and Full Command Syntax

Data Transformation Command Parameters

search

Please Note:

printsuggest an editpdf paneldownload

Data Transformation Command Parameters

Option Description (Parameter)
--applog_level Overrides what is sent by the key manager. This affects the log files that reside in /var/log/vormetric/vordxf. Defaults to the log level to which VMD logging is set. Log level options: ALL, TRACE, DEBUG, INFO, WARN, ERROR, FATAL, OFF.
--buf_size Sets the size of the kernel buffers that are allocated to run dataxform. Buffer sizes range between 4 and 128 KB. The default buffer size is 128 KB. The selected default has been empirically determined to be the safest and most efficient. We strongly recommend that you do not change the default value.
Specify an integer between 4 and 128 inclusive.
--check_links Lists the subdirectories in the GuardPoint or regular directory, the number of files in the top directory and in each subdirectory, and the total number of files and directories. The disk usage for each directory, and total disk usage, are also listed. In addition, this argument scans for hard links in the GuardPoint or regular directory. Use the --gp option to specify the GuardPoint or regular directory to scan. No files are rekeyed. This operation generates only a list of hard-link files.
--cid <container id> Specifies Docker container id.
--cleanup Deletes the status files that were generated by a previous dataxform session and that prevents you from running another dataxform session. It removes the dataxform_auto_lock, dataxform files, and dataxform_status files from a GuardPoint. It also deletes the dataxform_status-gp file from /var/log/vormetric.
You must clean up the GuardPoint before you can run a new dataxform session, because if those files are detected by dataxform, dataxform will abort with the message: “Automatic data transform status for gp: previous attempt completed.”
Use --cleanup to remove these files, or remove them manually, after a dataxform session. Include the --gp option to specify the GuardPoint. If the --dir_recovery argument was used to output the dataxform_* files to a different location, be sure to include --dir_recovery and the full path to the alternate directory when you run cleanup.
If you are running automatic dataxform, disable or remove the GuardPoint before using the --cleanup argument. Enable or reapply the GuardPoint afterwards. You must do this because once automatic dataxform completes it is done. It no longer checks the GuardPoint for a dataxform_auto_config file. When the GuardPoint is enabled or reapplied, dataxform is reactivated and searches for the file. --cleanup_on_success Removes status files upon success.
--console_level Affects the logging sent to the console (terminal). Defaults to INFO. For --help the console level cannot be FATAL or OFF. If so, no help is displayed. Log level options: ALL, TRACE, DEBUG, INFO, WARN, ERROR, FATAL, OFF.
--deep_scan Lists the subdirectories in the GuardPoint or unguarded directory, the number of files in the top directory and in each subdirectory, and the total number of files and directories. The disk usage for each directory, and total disk usage, are also listed.
In addition, this argument creates a set of simulation files of various sizes in the GuardPoint or directory, and uses these to estimate how long it would take to rekey the actual GuardPoint or directory. See also Estimating the dataxform Runtime Period.
Use the --gp parameter with this parameter to specify the GuardPoint or directory path.
--dir-recovery Allows you to specify where dataxform status files are placed. By default, the status files are placed in one of the following locations:
• Without any arguments, the status files are placed in /var/log/vormetric
• With the --status_gp argument, the status files are placed in the GuardPoint.
• With the --dir_recovery argument, the status files are placed in a user-specified location.
The name of the status files created by --dir_recovery are dataxform_status-_gp and dataxform_status-alt_gp, where gp is the underscore-separated path to the GuardPoint. For example, if the path to the GuardPoint is /home/apps/lib/dx1, then a status file name would be dataxform_status-_home_apps_lib_dx1.
The dataxform file, dataxform_auto_lock, is always written to the GuardPoint.
--embed Converts all of the files to CTE-U embedded header.
encrypt_sparse_file_holes Checks for "holes" in sparse files and fills and encrypts them. The dataxform utility processes each rekey block in 1k "chunks" (the rekey block is on a 1K boundary and multiples of 1K in size). Each "chunk” consisting of all zeros is considered a "hole”. By default, holes on Linux systems are not rekeyed or written, thus keeping the file size small.
The default on Linux systems is: --preserve_sparse_files.
--file_list Used with –-recovery to specify the output file name, or with –-rekey_list, to specify the input file name. When used with --recovery, the output file name is automatically appended with “_done”. --file_list takes one argument, file.
--gp Specifies the full path to the GuardPoint directory to process.
--mt The --mt option sets the maximum number of threads allowed to transform one file. Valid values are integers between 1 and 16, inclusive. We recommend that you do not change the default values for --mt. To increase dataxform performance, you may want to start with the default value and gradually increase the maximum threads value. See also --thd.
--migrate Migrate Data from Protect File Encryption.
--nq The --nq (“no queries”) option does rekeying without prompts. Without this option, dataxform prompts you to verify that you want to continue with the specified operation.
--preserve_access_time Directs dataxform to leave the last-accessed time of files intact during the rekey process. This option is useful when the last-accessed time is used to trigger file backups.
--preserve_modified_time Directs dataxform to leave the last-modified time of files intact during the rekey process. This option is useful when the last-modified time is used to trigger file backups.
--preserve_sparse_files Checks for "holes" in sparse files and preserves them in the rekeyed file. The dataxform utility processes each rekey block in 1k "chunks" (the rekey block is on a 1K boundary and multiples of 1K in size). Each "chunk" consisting of all zeros is considered a "hole". Holes are not rekeyed nor written, therefore creating a sparse file, which can be considerably smaller in size. Sparse files are preserved by default. This dataxform option is provided only for backward compatibility.
--print_stat Displays the time it takes dataxform to complete each phase of the transformation process.
--recovery Generates the files needed to complete an interrupted dataxform session. The generated files are dataxform_files_done-_path and dataxform_files_todo-path, and they are placed in /var/log/vormetric on Linux systems. Use the --gp option to specify the GuardPoint.
--rekey The –-rekey option rekeys all the files in the GuardPoint specified by the --gp option.
--rekey_list Same as --rekey, except that dataxform transforms only the files in the file specified in the --file_list option. This option is typically used to recover a failed dataxform session. Use the --gp option to specify the GuardPoint.
--rekey_supported Checks the specified directory to determine if it is a valid GuardPoint, if a rekey policy is currently applied, and if anyone is currently accessing the directory. The –-gp option specifies the GuardPoint to check. No files are rekeyed. This operation indicates only if the specified GuardPoint is ready to be rekeyed.
--scan Lists the subdirectories in the GuardPoint or unguarded directory, the number of files in the top directory and in each subdirectory, and the total number of files and directories. The disk usage for each directory, and total disk usage, are also listed.
When run on a GuardPoint that has already been transformed but not cleaned, --scan also returns the number of hard links and soft links that were skipped in the previous dataxform session. No files are rekeyed.
Use the --gp parameter with this parameter to specify the GuardPoint or directory path.
--status_up Causes dataxform to put the status, run, and error files in the GuardPoint rather than in the log directory. See also Using dataxform_status* Files.
--status_interval Sets the time interval (in seconds) at which data transformation status messages are sent to the key manager. The default is 300 seconds (5 minutes).
--thd Sets the number of threads that dataxform can use to transform files. A “thread” equates to a file. The more threads specified, the more files that are transformed concurrently. You may process up to 32 files concurrently. Threads are numbered 0 through 31, but the values you enter are 1 through 32. 0 indicates all 32 threads. The default number of threads is 8 or the number of CPUs, whichever is less. If messages like “access denied” are displayed or files are being skipped, try reducing the number of threads. If the errors still occur after the number of threads is set to 1, the errors are not due to dataxform processes colliding. Most likely there is something wrong with the files or policy permissions.
The default value has been empirically determined to be the safest and most efficient. We strongly recommend that you do not increase the default value. See also --mt.
--unrecoverable Performs rekey without recording recovery data, which may run considerably faster than a normal rekey; but if it fails, restoration of the guarded data from the backup is required.
--update_keyid Update to the new keyid after a key migration.
--version Displays dataxform version information.

On this page