Examples of Exclusion Key Rules
This section describes some examples of how to use an exclusion key rule.
Encrypt Files With Exclusion Property Using a Non-Versioned Key
The following exclusion key rule applies the non-versioned key, Key_TextFiles, to any new files that are created with a *.txt extension.
Note
Existing *.txt files in the GuardPoint during the initial CTE-LDT data transformation process are assumed to be already encrypted with the same key that you specify in the exclusion key rule. These existing files are not transformed during the initial encryption or during any subsequent rekeys. The key you specify in the exclusion key rule is applied to new *.txt files only.
In the Policy, do the following:
- Add a Key Rule.
- In the Resource Set field, click Select.
- Select a resource set that specifies *.txt in the File field and click the Exclude Rule option.
- Click Select. CipherTrust Manager displays the resource set name in the Resource Set field with an icon indicating that this is an Exclusion Rule.
- Select the Key_TextFiles key in the Current Key Name field.
- Click Add.
- Add any other key rules or exclusion key rules to the policy that you want. You must add at least one non-exclusion key rule that specifies the current encryption key and the versioned encryption key that you want to use with this Live Data Transformation policy.
For example, you could add another exclusion key rule that specifies all .doc files should be encrypted with the key Key_DocFiles, or one that specifies all .zip files should be left unencrypted by specifying the key clear_key.
Exempt Excluded Files from Encryption (Set to clear_key)
The following exclusion key rule sets all files in the resource set /oxf-fs1/gp1/Clear_Files_Folder (Linux) or \oxf-fs1\gp1\Clear_Files_Folder (Windows) to clear_key (in other words, not encrypted). Files in other directories that match other key rules in the same policy may be encrypted. This could allow unrestricted access to the files in /oxf-fs1/gp1/Clear_Files_Folder (Linux) or \oxf-fs1\gp1\Clear_Files_Folder (Windows) while access may be restricted to files in parallel directories.
- Linux Exclusion Key Rule: The Resource Set Directory field should contain /oxf-fs1/gp1/Clear_Files_Folder, and the Key should be clear_key.
- Windows Exclusion Key Rule: The Resource Set Directory field should contain \oxf-fs1\gp1\Clear_Files_Folder, and the Key should be clear_key.