Modify and Deploy the Baffle Privacy Schema

The BafflePrivacySchema (BPS) is a TOML format file that contains the schema information for the encryption key and column representation. NOTE: You can create a TOML BPS that is configured for multiple owners of schemas. 

IMPORTANT! Modifying the BPS file with the Configuration Editor is an advanced procedure that requires an understanding of the correct BPS structure and syntax. For more information, see the BafflePrivacySchema File Reference.

Modifying the BafflePrivacySchema

The following procedure demonstrates how to modify the BPS using the Baffle Manager Configuration Editor.

To modify the BafflePrivacySchema file, do the following:

  1. Log in to Baffle Manager, click the Application icon in the left menu bar, then select the application for the BPS file that’s to be modified.
    Application details appear in the panel on the right.
  2. Select the Gear icon in the upper right corner, and then select Edit Configuration from the drop-down menu.
    The Configuration Editor appears.
  3. Select the Baffle Privacy Schema (BPS) on the left. The BPS TOML file appears on the right. If this is the first time you are specifying a BPS, the window on the right will look like it does in the following example.

  4. Create a TOML format Baffle Privacy Schema.
  5. Copy and paste your TOML format BPS into the BPS Configuration Editor window, as shown in the following example snippet.

  6. Choose one of the following options, then click Close Window.
    • Save: saves the BPS changes without deployment.
    • Deploy: deploys the BPS changes without encryption.
    • Deploy & Migrate: deploys and migrates the BPS changes for encryption.

      You are returned to the Application page.

Troubleshooting BafflePrivacySchema errors

The BafflePrivacySchema determines which columns to encrypt and provides the correct schema definition back to the application. Modifying the BafflePrivacySchema can result in encryption and decryption errors.


|  | Possible Cause | Corrective Action |
| --- | --- | --- |
| Errors when encrypting or decrypting data | Manual edits to BafflePrivacySchema introduced syntax errors. | Correct the BafflePrivacySchema file. For more information, see the BafflePrivacySchema File Reference. |
| Errors when encrypting or decrypting data | Manual change of a data type in your application for an encrypted column led to an incorrect BafflePrivacySchema specification. | Now that your application code has changed and you’ve updated the database tables, update the BafflePrivacySchema with the new datatype. |

If the BafflePrivacySchema doesn’t include both views and tables, you might observe data inconsistencies:


|  | Possible Cause | Corrective Action |
| --- | --- | --- |
| Some values not being encrypted | View is specified in BafflePrivacySchema, but the base table is not. Occurs if some applications directly change data through base tables while others go through the view. | Check BafflePrivacySchema. Add both views and tables to the BafflePrivacySchema. |
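
A pre-deployment check covering both troubleshooting tables above, as an added example that is not Baffle's own tooling: it reports TOML syntax errors and flags any view that appears in the BPS without its base table. The sample documents and the view-to-base-table mapping are constructed, the sample layout is a placeholder rather than the real BPS structure (see the BafflePrivacySchema File Reference), and object names are assumed to appear as whole keys or string values.

```python
try:
    import tomllib  # standard library from Python 3.11
except ModuleNotFoundError:
    import tomli as tomllib  # third-party backport with the same API

# Constructed samples. The layout is a placeholder, NOT the real BPS structure.
VIEW_ONLY = 'objects = ["customers_v"]\n'
VIEW_AND_TABLE = 'objects = ["customers_v", "customers"]\n'
BROKEN = 'objects = ["customers_v\n'  # closing quote and bracket are missing

# Assumption: this view -> base table mapping is exported from your database catalog.
VIEW_TO_BASE = {"customers_v": "customers"}


def collect_names(node, found=None):
    """Gather every key and string value in the parsed document, lowercased."""
    found = set() if found is None else found
    if isinstance(node, dict):
        for key, value in node.items():
            found.add(key.lower())
            collect_names(value, found)
    elif isinstance(node, list):
        for item in node:
            collect_names(item, found)
    elif isinstance(node, str):
        found.add(node.lower())
    return found


def lint_bps(bps_text, view_to_base):
    """Return a list of findings; an empty list means both checks passed."""
    try:
        doc = tomllib.loads(bps_text)
    except tomllib.TOMLDecodeError as exc:
        # Stop here: a file that does not parse cannot be checked further.
        return [f"syntax error: {exc}"]
    names = collect_names(doc)
    findings = []
    for view, base in view_to_base.items():
        # A view listed without its base table leaves direct table writes unencrypted.
        if view.lower() in names and base.lower() not in names:
            findings.append(f"view '{view}' is listed but base table '{base}' is not")
    return findings


if __name__ == "__main__":
    for label, text in (("view only", VIEW_ONLY), ("both", VIEW_AND_TABLE), ("broken", BROKEN)):
        print(label, "->", lint_bps(text, VIEW_TO_BASE) or "OK")
```

Run it on the TOML text before pasting it into the Configuration Editor; name matching is case-insensitive and exact, so schema-qualified names must be written the same way in the mapping as in the BPS.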

