Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Excluding Files or Directories from Rekey

Examples of Exclusion Key Rules

search

Please Note:

printsuggest an editpdf paneldownload

Examples of Exclusion Key Rules

This section describes some examples of how to use an exclusion key rule.

copy link to clipboardEncrypt Files With Exclusion Property Using a Non-Versioned Key

The following exclusion key rule applies the non-versioned key, Key_TextFiles, to any new files that are created with a *.txt extension.

Note

Existing *.txt files in the GuardPoint during the initial LDT data transformation process are assumed to be already encrypted with the same key that you specify in the exclusion key rule. These existing files are not transformed during the initial encryption or during any subsequent rekeys. The key you specify in the exclusion key rule is applied to new *.txt files only.

In the Policy, do the following:

  1. Add a Key Rule.

  2. In the Resource Set field, click Select.

  3. Select a resource set that specifies .txt in the File field and click the Exclude Rule* option.

  4. Click Select. CipherTrust Manager displays the resource set name in the Resource Set field with an icon indicating that this is an Exclusion Rule.

  5. Select the Key_TextFiles key in the Current Key Name field.

  6. Click Add.

  7. Add any other key rules or exclusion key rules to the policy that you want. You must add at least one non-exclusion key rule that specifies the current encryption key and the versioned encryption key that you want to use with this Live Data Transformation policy.

    For example, you could add another exclusion key rule that specifies all .doc files should be encrypted with the key Key_DocFiles, or one that specifies all .zip files should be left unencrypted by specifying the key clear_key.

copy link to clipboardExempt Excluded Files from Encryption (Set to clear_key)

The following exclusion key rule sets all files in the resource set /oxf-fs1/gp1/Clear_Files_Folder (Linux) or \oxf-fs1\gp1\Clear_Files_Folder (Windows) to clear_key (in other words, not encrypted). Files in other directories that match other key rules in the same policy may be encrypted. This could allow unrestricted access to the files in /oxf-fs1/gp1/Clear_Files_Folder (Linux) or \oxf-fs1\gp1\Clear_Files_Folder (Windows) while access may be restricted to files in parallel directories.

  • Linux Exclusion Key Rule: The Resource Set Directory field should contain /oxf-fs1/gp1/Clear_Files_Folder, and the Key should be clear_key.

  • Windows Exclusion Key Rule: The Resource Set Directory field should contain \oxf-fs1\gp1\Clear_Files_Folder, and the Key should be clear_key.

On this page