Secure Lookup
  • 05 Jan 2023
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Secure Lookup

  • Dark
    Light
  • PDF

See Secure Lookup for more information about this algorithm framework.

Creating a Secure Lookup Algorithm via API

  1. Find the frameworkId for the Extensible SL Framework. This can be done via the following endpoint:
    algorithm   GET /algorithm/frameworks
    

    Plugin name is dlpx-core, the framework name is Secure Lookup.

  2. Upload Lookup File via the following endpoint:
    fileUpload   POST /file-uploads
    

    Alternatively, the Lookup File might also be provided via HTTP / HTTPS / NFS mount URLs.

  3. Create an Extensible SL Algorithm via the following endpoint:
    algorithm   POST /algorithms
    

    Using the JSON formatted input, similar to the following example:

    {
        "algorithmName": "demoExtendedSL",
        "algorithmType": "COMPONENT",
        "frameworkId" : 1,
        "algorithmExtension" :
        {
            "lookupFile" : {
                "uri":"delphix-file://upload/f_7984ee9672b44e309f7ef5940f856e7c/ColorsLF.txt"
            },
            "inputCaseSensitive" : true,
            "maskedValueCase" : "ALL_LOWER",
            "hashMethod" : "SHA256"
        }
    }
    

    Fields description:

    • "algorithmName": customer created algorithm name
    • "algorithmType": should be "COMPONENT" for Extensible Algorithms
    • "description": free text
    • "frameworkId": the numeric value found in #1 above
    • "algorithmExtension": the composite field, containing algorithm instance specific configuration parameters

Exporting Secure Lookup Values via API

Secure lookup values can now be exported from algorithms. These values can only be exported from algorithms of type LOOKUP or type COMPONENT where the framework name is Secure Lookup.

  1. Find the algorithmCd of the algorithm instance to retrieve the values from. This may be done via the following endpoint:
    algorithm   GET /algorithms
    
  2. Use the following endpoint to export the lookup values:
    algorithm POST /algorithms/{algorithmName}/export-lookup-values
    

    Info

    Lookup values cannot be exported from algorithms where the lookup values are provided via MOUNT or via HTTP/HTTPS.

  3. A response similar to the following will be returned:
    {
        "asyncTaskId": 55,
        "operation": "EXPORT_SL_VALUES",
        "reference": "EXPORT_SL_VALUES-c2VjdXJlbG9va3VwX2NNSGdZc2FQLnR4dA==",
        "status": "WAITING",
        "cancellable": false
    }
    
  4. Retrieve the "reference" from the response body in the previous step and use this value as the fileDownloadId for the following endpoint:
    fileDownload GET /file-downloads/{fileDownloadId}
    

    The response will contain the exported lookup values. Values will be returned in a plaintext file with newline-separated values.

Secure Lookup Algorithm Extension

  • lookupFile (maxLength=255)

    String
    Lookup file may be one of the following four options:
    - UUID value returned from the endpoint for uploading file to the Masking Engine
    - NFS mounted file URL
    - HTTP URL to external web located file
    - HTTPS URL to external web located file

  • inputCaseSensitive (optional, default=false)

    Boolean
    Setting "true" means input value case matter (i.e. "Peter" and "peter" might be masked to different values)
    Setting "false" (default) makes input value case-insensitive ("Peter" and "peter" would be masked to the same value)

  • maskedValueCase (optional, default="PRESERVE_LOOKUP_FILE")

    String
    The output (masked) value case enforcing.
    Enum values:
    - PRESERVE_LOOKUP_FILE - use the unmodified replacement value (default).
    - PRESERVE_INPUT - preserve case of input value. If mixed - use unmodified replacement value.
    - ALL_LOWER - force the output to lowercase.
    - ALL_UPPER - force the output to uppercase.

  • hashMethod (optional, default="SHA256")

    String
    The hash method used to select replacement values. Must be one of the following enum values:
    - SHA256 - the default hash method for extensible secure lookup
    - LEGACY - hash method used to mimic the legacy secure lookup behavior in the extensibility framework


Was this article helpful?

What's Next