Dynamic Data Masking
- Dynamic Data Masking 9.9.4
- All Products
Name
| Description
|
---|---|
<fqcn>
| Mandatory. Fully-qualified class name of the security provider. For example: com.security.provider.MyProvider
|
<file>
| Optional. Provider-specific initialization parameter. For example, the path to a configuration file.
|
Name
| Default
| Description
|
---|---|---|
storeName
| -
| Mandatory. Unique name of the keystore. Once you have defined the keystore name, do not modify it.
|
storeType
| -
| Mandatory. Type of keystore. For CyberArk, enter the storeType as CyberArk.
|
storeFile
| null
| Optional. Path to the keystore file.
|
storePassword
| null
| Optional. Keystore password.
|
provider
| -
| Optional. Name of the custom security provider that Provider.getName() returns. Note that this is not the name of the class.
If the security provider is CyberArk, this parameter is mandatory. Provide the name of the security provider. This name should match the provider.name property in the CyberArk properties file.
|
encrypted
| false
| Optional. Specify a clear password for the keystore in the
ddm.security file. Dynamic Data Masking encrypts the password at run-time and sets
encrypted=true in the file.
|
<?xml version="1.0"?> <XML> <keyStores type="ArrayList"> <entry type="StoreDescriptor"> <storeName>store1</storeName> <storePassword>admin</storePassword> <storeType>JCEKS</storeType> <encrypted>false</encrypted> <storeFile>cfg/store.jceks</storeFile> </entry> <entry type="StoreDescriptor"> <storeName>store3</storeName> <storePassword>admin</storePassword> <storeType>PKCS12</storeType> <encrypted>false</encrypted> <provider>PKCS12-Provider-5</provider> <storeFile>cfg/store.pkcs12</storeFile> </entry> <entry type="StoreDescriptor"> <storeName>store2</storeName> <storeType>PKCS11</storeType> <encrypted>false</encrypted> <provider>MyProvider-HSM</provider> <storeFile>cfg/store.pkcs11</storeFile> </entry> </keystores> <providers type="ArrayList"> <entry type="ProviderDescriptor"> <file>cfg/xyz.conf</file> <fqcn>com.security.provider.XYZProvider</fqcn> </entry> <entry type="ProviderDescriptor"> <fqcn>com.security.provider.MyProvider</fqcn> </entry> </providers> </XML>
<?xml version="1.0"?> <XML> <keyStores type="ArrayList"> <entry type="StoreDescriptor"> <storeType>CyberArk</storeType> <storeName>DDMQASafe</storeName> <provider>QASafeProvider</provider> </entry> </keyStores> <providers type="ArrayList"> <entry type="ProviderDescriptor"> <file>cfg\CyberArk_DDMQASafe.props</file> <fqcn>com.informatica.security.jce.cyberark.CyberarkProvider</fqcn> </entry> </providers> </XML>
Name
| Description
|
---|---|
provider.name
| Name of the security provider. Name must match the <provider> tag in the keystore section of the
ddm.security file.
|
provider.client.appid
| Application ID. The application ID was created during the CyberArk installation.
|
provider.safe
| Mandatory. Name of the specific safe within CyberArk.
|
provider.uniqueattr.name
| Unique attribute name of the account.
By default, the name of the account is a unique attribute that is internally mapped with the string "Object." In this case, Object is the value for the uniqueattr.name parameter.
However, if you have selected any other attribute other than name as an unique identifier, give that attribute name as the value of the property.
For example, if you selected the attribute host as the unique identifier, give the value of provider.uniqueattr.name as host.
|
provider.folder.path
| Path from the root to the folder containing the given account. If you leave this parameter blank, Dynamic Data Masking assumes the account is under the root.
|
provider.name=QASafeProvider provider.client.appid=DDMJavaTest provider.safe=DDMQASafe provider.uniqueattr.name=Object provider.folder.path=root\\subfolder