Versions Compared

Old Version 1

changes.mady.by.user Rushang Dhanesha

Saved on

compared with

New Version Current

changes.mady.by.user Rohit shende

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • MDMS Service

  • Encryption Service

  • Kafka

Important Note

The MDMS configurations explained below are fetched by this library at boot time. So after you make changes in the MDMS repo and restart the MDMS service, you would also need to RESTART THE SERVICE which has imported the enc-client library. For example, the report service is using the enc-client library so after making configuration changes to Security Policy pertaining to any report, you will have to restart the report service.

Key Functionalities

  • Encrypt a JSON Object - The encryptJson function of the library takes any Java Object as an input and returns an object which has encrypted values of the selected fields. The fields to be encrypted are selected based on an MDMS Configuration.

    • This function requires the following parameters:

      1. Java/JSON object - The oject whose fields will get encrypted.

      2. Model - It is used to identify the MDMS configuration to be used to select fields of the provided object.

      3. Tenant Id - The encryption key will be selected based on the passed tenantId.

  • Encrypt a Value - The encryptValue function of the library can be used to encrypt single values. This method also required a tenantId parameter.

  • Decrypt a JSON Object - The decryptJson function of the library takes any Java Object as an input and returns an object that has plain/masked or no values of the encrypted fields. The fields are identified based on the MDMS configuration. The returned value(plain/masked/null) of each of the attribute depends on the user’s role and if it is a PlainAccess request or a normal request. These configurations are part of the MDMS.

    • This function required following parameters:

      1. Java/JSON object - The object containing the encrypted values that are to be decrypted.

      2. Model - It is used to select a configuration from the list of all available MDMS configurations.

      3. Purpose - It is a string parameter that passes the reason of the decrypt request. It is used for Audit purposes.

      4. RequestInfo - The requestInfo parameter serves multiple purposes:

        1. User Role - A list of user roles are extracted from the requestInfo parameter.

        2. PlainAccess Request - If the request is an explicit plain access request, it is to be passed as a part of the requestInfo. It will contain the fields that user is requesting for decryption and the id of record.

    • While decrypting Java object, this method also audits the request.

...

Here is a link to a sample Masking Patterns master data.

Info

To know more about regular expression refer the below articles
https://towardsdatascience.com/regular-expressions-clearly-explained-with-examples-822d76b037b4
https://docs.oracle.com/cd/E18894_01/xml_guide/transaction_elements/Java%20Regular%20Expressions%20for%20Masks.html

To test regular expression refer the below link.
https://regex101.com/r/IB4YRu/1

Security Policy

The Security Policy master data contains the policy used to encrypt and decrypt JSON objects. Each of the Security Policy contains the following details:

...