Private Preview: This feature is disabled by default. For more information on enabling this feature in your project, please contact Google Support.

Optionally, the Dataprep by Trifacta application can use any customer-managed encryption keys (CMEKs) that you have created for your project. These encryption keys are applied to any temporary data written to storage during Dataflow processing.

Feature Availability: This feature may not be available in all product editions. For more information on available features, see Compare Editions.

A customer-managed encryption key (CMEK) is an encryption key that is privately held within your Google Cloud Platform project. These keys are created and managed by Cloud Key Management Service and can be applied to individual objects or buckets.

  • When used, data written to the objects to which the keys are scoped is automatically encrypted when written and decrypted when read.
  • The performance impact of using CMEKs is minimal.

These encryption keys are applied to data at rest that is written by the Dataprep by Trifacta application during normal operations.

  • The keys that you specify do not apply to data that is written to Cloud Storage or BigQuery.

    Tip: Optionally, the Dataprep by Trifacta application can verify that a set of CMEKs is applied when writing to Cloud Storage or BigQuery and, if missing, can fail the job automatically.

     

  • They do not apply to data in transit, which is managed through HTTPS protocols.


Limitations

  • KMS keys are defined to restrict access to specific resources. If you attempt to run a job on resources in a region other than what is defined in the KMS key, the job fails. 
  • When CMEK validation checks are enabled, full pushdown of jobs to BigQuery is disabled. Partial pushdown is supported.

Acquire CMEKs

CMEKs are defined in your Google Cloud Platform project. 

Steps:

  1. In the Console, navigate to: https://console.cloud.google.com/security/kms/keyrings
  2. The list of available keys is displayed. 
  3. Right-click the key to use and select Copy resource name.

The resource name must be copied into the Dataprep by Trifacta application. See below.
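
A pre-flight check for the copied resource name, as an added example that is not part of the Dataprep documentation or product: it parses the standard Cloud KMS key name format and compares the key's location with the region the job will run in, which is the mismatch that the Limitations section says causes the job to fail. The function names, the sample key, and the rejection of key-version names are assumptions made for illustration.

```python
import re

# Cloud KMS key resource name format:
#   projects/<project>/locations/<location>/keyRings/<ring>/cryptoKeys/<key>
_KEY_RE = re.compile(
    r"projects/(?P<project>[^/\s]+)"
    r"/locations/(?P<location>[a-z0-9-]+)"
    r"/keyRings/(?P<key_ring>[A-Za-z0-9_-]{1,63})"
    r"/cryptoKeys/(?P<key>[A-Za-z0-9_-]{1,63})"
    r"(?P<version>/cryptoKeyVersions/\d+)?"
)

# Constructed sample value, not a real key.
SAMPLE_KEY = ("projects/example-project/locations/us-central1"
              "/keyRings/dataprep-ring/cryptoKeys/dataflow-temp")


def parse_cmek(resource_name):
    """Split a pasted KMS key resource name into its parts, or raise ValueError."""
    name = resource_name.strip()  # clipboard pastes often carry stray whitespace
    m = _KEY_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"not a Cloud KMS key resource name: {name!r}")
    if m.group("version"):
        # Assumption: the setting expects the key itself, not one of its versions.
        raise ValueError("this names a key version; copy the key's resource name")
    parts = m.groupdict()
    parts.pop("version")
    return parts


def preflight(resource_name, job_region):
    """Return a list of problems; an empty list means the value is ready to paste."""
    try:
        key = parse_cmek(resource_name)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if key["location"] != job_region.strip().lower():
        problems.append(
            f"key location {key['location']!r} differs from job region "
            f"{job_region!r}; the job would fail"
        )
    return problems


if __name__ == "__main__":
    print(preflight(SAMPLE_KEY, "europe-west1"))
```
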

Enable

Private Preview: This feature is disabled by default. For more information on enabling this feature in your project, please contact Google Support.

To enable use of the CMEK, please complete the following steps.

Steps:

  1. Log in to the Dataprep by Trifacta application.
  2. Select User menu > Admin console > Project settings.
  3. Under the Data execution heading:
    1. Use a customer-managed encryption key with Dataflow: Paste the resource name value here.
    2. Validate that a customer-managed encryption key is used: Set this to Enabled to check for use of a CMEK before writing outputs to Cloud Storage or BigQuery.

      NOTE: If CMEK validation checks are enabled, pushdown of job execution to BigQuery is disabled.

Your changes are immediately applied to the project.
