The BafflePrivacySchema (BPS) is a TOML format file that contains the schema information for the encryption key and column representation.
NOTE: You can create a TOML BPS that is configured for multiple owners of schemas.
IMPORTANT! Modifying the BPS file with the Configuration Editor is an advanced procedure that requires an understanding of the correct BPS structure and syntax. For more information, see the BafflePrivacySchema File Reference.
Modifying the BafflePrivacySchema
The following procedure demonstrates how to modify the BPS using the Baffle Manager Configuration Editor.
To modify the BafflePrivacySchema file, do the following:
- Log in to Baffle Manager, click the Application icon in the left menu bar, then select the application for the BPS file that’s to be modified.
- Select the Gear icon in the upper right corner, and then select Edit Configuration from the drop-down menu.
- Select the Baffle Privacy Schema (BPS) on the left. The BPS TOML file appears on the right. If this is the first time you are specifying a BPS, the window on the right will look like it does in the following example.
- Create a TOML format Baffle Privacy Schema.
- Copy and paste your TOML format BPS into the BPS Configuration Editor window, as shown in the following example snippet.
- Choose one of the following options, then click Close Window.
  - Save to save the BPS changes without deployment.
  - Deploy the BPS changes without encryption.
  - Deploy & Migrate the BPS changes for encryption.
You are returned to the Application page.
Troubleshooting BafflePrivacySchema errors
BafflePrivacySchema determines which columns to encrypt and provides the correct schema definition back to the application. Modifying the BafflePrivacySchema can result in errors for encryption and decryption.
| Symptom | Possible Cause | Corrective Action |
|---|---|---|
| Errors when encrypting or decrypting data | Manual edits to BafflePrivacySchema introduced syntax errors. | Correct the BafflePrivacySchema file. For more information, see the BafflePrivacySchema File Reference. |
| Errors when encrypting or decrypting data | Manual change of a data type in your application for an encrypted column led to an incorrect BafflePrivacySchema specification. | Now that your application code has changed and you’ve updated the database tables, update the BafflePrivacySchema with the new datatype. |
Sometimes if BafflePrivacySchema doesn’t include both views and tables, you might observe data inconsistencies:
| Symptom | Possible Cause | Corrective Action |
|---|---|---|
| Some values not being encrypted | View is specified in BafflePrivacySchema, but the base table is not. Occurs if some applications directly change data through base tables while others go through the view. | Check BafflePrivacySchema. Add both views and tables to the BafflePrivacySchema. |