User Data Encryption Promotion

Last updated 1 year ago

Was this helpful?

User Data Encryption Promotion

Promotion of Encryption Service

Steps

Choose values for the following fields:

- master-password: choose any string of any length (can contain alphanumerics and special characters)

- master-salt: choose any string of length 8 (can contain alphanumerics and special characters)

- master-initialvector: choose any string of length 12 (can contain alphanumerics and special characters)

- Ask devops to generate keys for above selected values,

- In environment secrets.yml file, add “egov-enc-service” subsection under 'secrets' section, and provide values for above three fields. For example: For dev environment (Ask Devops to do it)

Add field “state-level-tenant-id“ under “egov-enc-service:” section for state level tenantId in environment yml. Example:
Promote egov-enc-service:4-master-f47bff2
Make sure “egov-enc-service“ entry is present in “egov-service-host” in environment yml ,ex:- for dev . If not, make changes and build and deploy zuul from master branch.

Data Migration

Steps

Provide DB details in following environment variables

- DB_PASSWORD

- DB_HOST

- DB_PORT

- DB_USERNAME

- DB_NAME'

Backup old tables

- Create table eg_user_backup_plaintext as (select * from eg_user)

- Create table eg_user_address_backup_plaintext as (select * from eg_user_address)

Delete foreign key referenced on ‘eg_user’ from ‘eg_userrole_v1’ temporarily until the data is transformed

- ALTER TABLE eg_userrole_v1 DROP CONSTRAINT fk_user_role_v1

Deploy user service build with encryption to run flyway migration (egov-user:11-user_changes_MT-800f319)
Clean tables of all plain text data

- Delete from eg_user_address

- Delete from eg_user

Run migration

- Script python package dependencies

- import psycopg2

- import sys

- import json

- import requests

- import configparser

- import logging

- import os

Commands to run for migration:

- python3 user_migration.py config_user_encryption.txt

- python3 user_migration.py config_address_encryption.tx

Restore earlier deleted foreign key constraint

- ALTER TABLE eg_userrole_v1 ADD CONSTRAINT fk_user_role_v1 FOREIGN KEY (user_id, user_tenantid) REFERENCES eg_user(id, tenantid) MATCH SIMPLE ON UPDATE NO ACTION ON DELETE NO ACTION

Service Builds

User service: egov-user:11-user_changes_MT-800f319

- Set environment variable “DECRYPTION_ABAC_ENABLED” to false

User service copy for chatbot: egov-user-chatbot:4-user_changes_MT-621fe60

Note: Promote only if Whatsapp chatbot is already running in the system. It uses another copy of user service named “egov-user-chatbot“. Not needed if Whatsapp- chatbot is not in the system.

Report service: report:22-report-encryption-changes-e92c8ae
enc-service: egov-enc-service:4-master-f47bff2

Last updated 1 year ago

Was this helpful?

Promotion of Encryption Service

Steps

Choose values for the following fields:

- master-password: choose any string of any length (can contain alphanumerics and special characters)

- master-salt: choose any string of length 8 (can contain alphanumerics and special characters)

- master-initialvector: choose any string of length 12 (can contain alphanumerics and special characters)

- Ask devops to generate keys for above selected values,

- In environment secrets.yml file, add “egov-enc-service” subsection under 'secrets' section, and provide values for above three fields. For example: For dev environment (Ask Devops to do it)

Add field “state-level-tenant-id“ under “egov-enc-service:” section for state level tenantId in environment yml. Example:
Promote egov-enc-service:4-master-f47bff2
Make sure “egov-enc-service“ entry is present in “egov-service-host” in environment yml ,ex:- for dev . If not, make changes and build and deploy zuul from master branch.

Data Migration

Steps

Provide DB details in following environment variables

- DB_PASSWORD

- DB_HOST

- DB_PORT

- DB_USERNAME

- DB_NAME'

Backup old tables

- Create table eg_user_backup_plaintext as (select * from eg_user)

- Create table eg_user_address_backup_plaintext as (select * from eg_user_address)

Delete foreign key referenced on ‘eg_user’ from ‘eg_userrole_v1’ temporarily until the data is transformed

- ALTER TABLE eg_userrole_v1 DROP CONSTRAINT fk_user_role_v1

Deploy user service build with encryption to run flyway migration (egov-user:11-user_changes_MT-800f319)
Clean tables of all plain text data

- Delete from eg_user_address

- Delete from eg_user

Run migration

- Script python package dependencies

- import psycopg2

- import sys

- import json

- import requests

- import configparser

- import logging

- import os

Commands to run for migration:

- python3 user_migration.py config_user_encryption.txt

- python3 user_migration.py config_address_encryption.tx

Restore earlier deleted foreign key constraint

- ALTER TABLE eg_userrole_v1 ADD CONSTRAINT fk_user_role_v1 FOREIGN KEY (user_id, user_tenantid) REFERENCES eg_user(id, tenantid) MATCH SIMPLE ON UPDATE NO ACTION ON DELETE NO ACTION

Service Builds

User service: egov-user:11-user_changes_MT-800f319

- Set environment variable “DECRYPTION_ABAC_ENABLED” to false

User service copy for chatbot: egov-user-chatbot:4-user_changes_MT-621fe60

Note: Promote only if Whatsapp chatbot is already running in the system. It uses another copy of user service named “egov-user-chatbot“. Not needed if Whatsapp- chatbot is not in the system.

Report service: report:22-report-encryption-changes-e92c8ae
enc-service: egov-enc-service:4-master-f47bff2
MDMS: Copy the MDMS folder -