Skip to content

Preview: Trino UDFs

These are details on how to install and configure the Privacera crypto plug-in in Trino to use Privacera-supplied Encryption UDFs in Trino to encrypt or decrypt data.

For conceptual background, see PEG Architecture and Flow.

Syntax of Privacera Encryption UDFs for Trino#

The Privacera crypto plug-in includes the following UDFs:

  • With the <encryption_scheme_name> The protect UDF encrypts all values of <column_name> in a table:

    select protect(<column_name>, <encryption_scheme_name>) from <table_name>;

  • With the <encryption_scheme_name>, the unprotect UDF decrypts all values of <column_name> in a table:

    select unprotect(<column_name>, <encryption_scheme_name>) from <table_name>;

For example usage, see Example Queries to Verify Privacera-supplied UDFs.

Prerequisites for Installing Privacera Crypto Plug-in for Trino#

The following should already be ready:

  • A fully functional installation of Trino.

  • The users who will use the UDFs have sufficient access to the pertinent tables.

Install Privacera Crypto Plug-in via Privacera Manager#

You update Privacera Manager to get a shell script that downloads the Privacera Encryption crypto plug-in for Trino.

Run the following commands:

 # Change to Privacera Manager directory
 cd ~/privacera/privacera-manager
 # Upgrade Privacera Manager itself
 ./privacera-manager.sh upgrade-manager

Configure Privacera Crypto Plug-in for Trino#

 # Copy Trino properties file to Privacera Manager config/custom-vars directory
 cp config/sample-vars/vars.starburst.enterprise.trino.yml config/custom-vars/
 # Set property STARBURST_TRINO_ENABLE to true
 vi config/custom-vars/vars.starburst.enterprise.trino.yml
 ...
 STARBURST_TRINO_ENABLE: "true"
 ...
 # Save the file
 # Edit starburst-trino-crypto.yml to specify Trino home directory
 vi ansible/privacera-docker/roles/defaults/main/starburst-trino-crypto.yml
 ...
 STARBURST_TRINO_INSTALL_DIR: <absolute_path_to_trino_home_directory>
 ...
 # Save the file

Run Shell Script to Install Privacera Crypto Plug-in#

 # Change to Privacera Manager directory
 cd ~/privacera/privacera-manager
 # Update Privacera Manager to get shell script
 ./privacera-manager.sh update
 # Change to new directory created by privacera-manager update
 cd output/starburst-trino-crypto/
 # Make the script executable
 chmod +x privacera_crypto_trino_setup.sh
 # Run the script
 ./privacera_crypto_trino_setup.sh

Verify that the Script Ran Correctly#

Verify the following:

  • The location of the Privacera crypto jar:

    ls -l ~/privacera/privacera-manager/plugin/privacera/privacera-crypto-jar-with-dependencies.jar

  • The location of the crypto.properties file in Trino's etc directory:

    # Verify existence of crypto.properties file
ls -l /<trino_installation_directory>/etc/crypto.properties

Restart Trino to Register the Privacera Crypto UDFs for Trino#

 # Go to Trino bin directory
 cd /<trino_installation_directory>/bin
 # Restart Trino
 ./launcher restart

Example Queries to Verify Privacera-supplied UDFs#

See the syntax detailed in Syntax of Privacera Encryption UDFs for Trino.

The following example query with the protect UDF encrypts the cleartext CUSTOMER_EMAIL column of the CUSTOMERS table using the quoted'EMAIL' encryption scheme:

select protect(CUSTOMER_EMAIL, `EMAIL`) from CUSTOMERS;

The following example query with the unprotect UDF decrypts the encrypted CUSTOMER_EMAIL column of the CUSTOMERS table using the quoted 'EMAIL' encryption scheme:

select unprotect(CUSTOMER_EMAIL, 'EMAIL') from CUSTOMERS;