User Data Encryption Promotion
Last updated
Was this helpful?
Last updated
Was this helpful?
Choose values for the following fields:
- master-password: choose any string of any length (can contain alphanumerics and special characters)
- master-salt: choose any string of length 8 (can contain alphanumerics and special characters)
- master-initialvector: choose any string of length 12 (can contain alphanumerics and special characters)
- Ask devops to generate keys for above selected values,
- In environment secrets.yml file, add “egov-enc-service” subsection under 'secrets' section, and provide values for above three fields. For example: For dev environment (Ask Devops to do it)
Add field “state-level-tenant-id“ under “egov-enc-service:” section for state level tenantId in environment yml. Example:
Promote egov-enc-service:4-master-f47bff2
Make sure “egov-enc-service“ entry is present in “egov-service-host” in environment yml ,ex:- for dev . If not, make changes and build and deploy zuul from master branch.
Provide DB details in following environment variables
- DB_PASSWORD
- DB_HOST
- DB_PORT
- DB_USERNAME
- DB_NAME'
Backup old tables
- Create table eg_user_backup_plaintext as (select * from eg_user)
- Create table eg_user_address_backup_plaintext as (select * from eg_user_address)
Delete foreign key referenced on ‘eg_user’ from ‘eg_userrole_v1’ temporarily until the data is transformed
- ALTER TABLE eg_userrole_v1 DROP CONSTRAINT fk_user_role_v1
Deploy user service build with encryption to run flyway migration (egov-user:11-user_changes_MT-800f319)
Clean tables of all plain text data
- Delete from eg_user_address
- Delete from eg_user
Run migration
- Script python package dependencies
- import psycopg2
- import sys
- import json
- import requests
- import configparser
- import logging
- import os
Commands to run for migration:
- python3 user_migration.py config_user_encryption.txt
- python3 user_migration.py config_address_encryption.tx
Restore earlier deleted foreign key constraint
- ALTER TABLE eg_userrole_v1 ADD CONSTRAINT fk_user_role_v1 FOREIGN KEY (user_id, user_tenantid) REFERENCES eg_user(id, tenantid) MATCH SIMPLE ON UPDATE NO ACTION ON DELETE NO ACTION
User service: egov-user:11-user_changes_MT-800f319
- Set environment variable “DECRYPTION_ABAC_ENABLED” to false
User service copy for chatbot: egov-user-chatbot:4-user_changes_MT-621fe60
Note: Promote only if Whatsapp chatbot is already running in the system. It uses another copy of user service named “egov-user-chatbot“. Not needed if Whatsapp- chatbot is not in the system.
Report service: report:22-report-encryption-changes-e92c8ae
enc-service: egov-enc-service:4-master-f47bff2
MDMS: Copy the MDMS folder -