Dataflow Pipeline State CMEK
Warning
Private Preview: This feature is disabled by default. For more information on enabling this feature in your project, please contact Alteryx Support.
Optionally, the Trifacta Application can use any customer-managed encryption keys (CMEKs) that you have created for your project to monitor the the dataflow pipeline state information written to storage during Dataflow processing.
Note
This feature may not be available in all product editions. For more information on available features, see Compare Editions.
A customer-managed encryption key (CMEK) is an encryption key that is privately held within your Google Cloud Platform project.
When these keys are deployed in a project, Dataflow uses these keys for encryption of pipeline state information only.
The performance impact of using CMEKs is minimal.
For more information:
https://cloud.google.com/storage/docs/encryption/customer-managed-keys
For more information on how to use CMEKs, see https://cloud.google.com/dataflow/docs/guides/customer-managed-encryption-keys.
Acquire CMEKs
CMEKs are defined in your Google Cloud Platform project.
Steps:
In the Console: https://console.cloud.google.com/security/kms/keyrings
The list of available keys is displayed.
Right-click the key to use and select Copy resource name.
The resource name must be copied into the Trifacta Application. See below.
Enable
Warning
Private Preview: This feature is disabled by default. For more information on enabling this feature in your project, please contact Alteryx Support.
To enable use of the CMEK, please complete the following steps.
Steps:
Login to the Trifacta Application.
Select User menu > Admin console > Settings.
Under the Data execution heading, locate Use a customer-managed encryption key with Dataflow.
Paste the resource name value here.
Your changes are immediately applied to the Trifacta Application.