The BaffleEntitySchema (BES) provides entity information, including the column and data in the entity column. Each entityId is assigned a unique key. If you are using AWS KMS as a keystore, you can specify a master key to use for an entity key.
IMPORTANT: If migrating existing data, the BES must contain both the name of the table and the name of the matching temporary table with the suffix "_tmp", as shown in the following examples.
MySQL follows a 3-level hierarchy for column representation. SQL Server and PostgreSQL follow a 4-level hierarchy for column representation. TOML format allows for spaces and empty lines. Comments should start with '#'.
Record Level Encryption
The BaffleEntitySchema is a Baffle configuration file required for record-level encryption (RLE). BaffleEntitySchema holds information for the entity column and its data. BaffleEntitySchema uses TOML format in a Level-3 or Level-4 hierarchy depending on the database.
This page provides representations for both TOML hierarchy levels, as well as BaffleEntitySchema examples for MySQL, MS SQL, and Postgres. Each entityId is assigned a unique key.
TOML Level Hierarchies
MySQL follows a level-3 hierarchy for column representation, while SQL Server and PostgreSQL follow a level-4 hierarchy for column representation.
TOML format allows for spaces and empty lines. Comments should start with '#'.
3-level TOML Representation
format = "TOML"
[[database]]
name = "BaffleTest"
[[database.table]]
name = "pet"
[[database.table.column]]
name = "entityId"
[[database.table.column.entity]]
id = "10001"
key = 11
cmk = "arn:aws:kms:us-west-2:902018721894:key/0411ca5c-9e2b-4305-8438-2ff5af592ec9"
region = "us-west-2"
# The following entry is needed to migrate data in existing tables
[[database.table]]
name = "pet_tmp"
[[database.table.column]]
name = "entityId"
[[database.table.column.entity]]
id = "10001"
key = 11
cmk = "arn:aws:kms:us-west-2:902018721894:key/0411ca5c-9e2b-4305-8438-2ff5af592ec9"
region = "us-west-2"
4-level TOML Representation
format = "TOML"
[[database]]
name = "BaffleTest"
[[database.schema]]
name = "dbo"
[[database.schema.table]]
name = "pet"
[[database.schema.table.column]]
name = "entityId"
[[database.schema.table.column.entity]]
id = "10001"
key = 11
cmk = "arn:aws:kms:us-west-2:902018721894:key/0411ca5c-9e2b-4305-8438-2ff5af592ec9"
region = "us-west-2"
# The following entry is needed to migrate data in existing tables
[[database.schema.table]]
name = "pet_tmp"
[[database.schema.table.column]]
name = "entityId"
[[database.schema.table.column.entity]]
id = "10001"
key = 11
cmk = "arn:aws:kms:us-west-2:902018721894:key/0411ca5c-9e2b-4305-8438-2ff5af592ec9"
region = "us-west-2"
Examples
MySQL BaffleEntitySchema TOML file
format = "TOML"
[[database]]
name = "BaffleTest"
[[database.table]]
name = "pet_table"
[[database.table.column]]
name = "entityId"
[[database.table.column.entity]]
id = "10001"
key = 8
[[database.table.column.entity]]
id = "20002"
key = 9
cmk = "arn:aws:kms:us-west-2:902018721894:key/0411ca5c-9e2b-4305-8438-2ff5af592ec9"
region = "us-west-2"
[[database.table.column.entity]]
id = "30003"
key = 10
cmk = "arn:aws:kms:us-west-2:902018721894:key/0411ca5c-9e2b-4305-8438-2ff5af592ec9"
region = "us-west-2"
[[database.table]]
name = "pet_table_tmp"
[[database.table.column]]
name = "entityId"
[[database.table.column.entity]]
id = "10001"
key = 8
[[database.table.column.entity]]
id = "20002"
key = 9
cmk = "arn:aws:kms:us-west-2:902018721894:key/0411ca5c-9e2b-4305-8438-2ff5af592ec9"
region = "us-west-2"
[[database.table.column.entity]]
id = "30003"
key = 10
cmk = "arn:aws:kms:us-west-2:902018721894:key/0411ca5c-9e2b-4305-8438-2ff5af592ec9"
region = "us-west-2"
MSSQL/PostgreSQL BaffleEntitySchema TOML file
format = "TOML"
[[database]]
name = "BaffleTest"
[[database.schema]]
name = "dbo"
[[database.schema.table]]
name = "pet_table"
[[database.schema.table.column]]
name = "entityId"
[[database.schema.table.column.entity]]
id = "10001"
key = 8
[[database.schema.table.column.entity]]
id = "20002"
key = 9
cmk = "arn:aws:kms:us-west-2:902018721894:key/0411ca5c-9e2b-4305-8438-2ff5af592ec9"
region = "us-west-2"
[[database.schema.table.column.entity]]
id = "30003"
key = 10
cmk = "arn:aws:kms:us-west-2:902018721894:key/0411ca5c-9e2b-4305-8438-2ff5af592ec9"
region = "us-west-2"
isEnabled = false
[[database.schema.table]]
name = "pet_table_tmp"
[[database.schema.table.column]]
name = "entityId"
[[database.schema.table.column.entity]]
id = "10001"
key = 8
[[database.schema.table.column.entity]]
id = "20002"
key = 9
cmk = "arn:aws:kms:us-west-2:902018721894:key/0411ca5c-9e2b-4305-8438-2ff5af592ec9"
region = "us-west-2"
[[database.schema.table.column.entity]]
id = "30003"
key = 10
cmk = "arn:aws:kms:us-west-2:902018721894:key/0411ca5c-9e2b-4305-8438-2ff5af592ec9"
region = "us-west-2"
isEnabled = false
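
Validating a BaffleEntitySchema file before deployment
The following Python check is an added example, not part of Baffle's tooling. It walks a 3-level or 4-level BES file and reports entity ids or keys reused within a column, and tables whose "_tmp" twin is missing or lists different entities. It assumes a data migration is planned (so every table needs a twin) and reads "a unique key" as one key number per entity id; `check_bes`, `tables` and `SAMPLE_BES` are hypothetical names.

```python
try:
    import tomllib  # standard library from Python 3.11
except ImportError:
    import tomli as tomllib  # assumption: tomli backport installed on older Pythons
# Constructed sample, not from the page: key 8 is shared, and the _tmp twin lacks 20002.
SAMPLE_BES = """
format = "TOML"
[[database]]
name = "BaffleTest"
[[database.table]]
name = "pet_table"
[[database.table.column]]
name = "entityId"
[[database.table.column.entity]]
id = "10001"
key = 8
[[database.table.column.entity]]
id = "20002"
key = 8
[[database.table]]
name = "pet_table_tmp"
[[database.table.column]]
name = "entityId"
[[database.table.column.entity]]
id = "10001"
key = 8
"""

def tables(doc):
    for db in doc.get("database", []):
        # 3-level files put tables under the database, 4-level under each schema
        for parent in [db] + db.get("schema", []):
            prefix = db["name"] if parent is db else f'{db["name"]}.{parent["name"]}'
            for t in parent.get("table", []):
                yield f'{prefix}.{t["name"]}', t

def check_bes(text):
    found, problems = {}, []
    for path, t in tables(tomllib.loads(text)):
        found[path] = {}
        for col in t.get("column", []):
            ents = [(e["id"], e["key"], e.get("cmk")) for e in col.get("entity", [])]
            if len({e[0] for e in ents}) < len(ents) or len({e[1] for e in ents}) < len(ents):
                problems.append(f"{path}.{col['name']}: entity id or key used more than once")
            found[path][col["name"]] = set(ents)
    for path, cols in found.items():  # each table needs an identical <name>_tmp twin
        if not path.endswith("_tmp") and found.get(path + "_tmp") != cols:
            problems.append(f"{path}: {path}_tmp is missing or does not match")
    return problems
```

Calling `check_bes(SAMPLE_BES)` returns two findings for the constructed sample; a file laid out like the examples above returns an empty list.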