Cloud Protectors keep your data safe when using cloud services like AWS. They work with tools such as Snowflake, Redshift, and Athena to protect sensitive information during queries and analytics. These protectors apply security rules, such as encryption and masking. This ensures that your data stays secure while moving through cloud-based workflows. They are designed to integrate easily with your existing cloud setup, making protection seamless without slowing down performance.

For more information about the Cloud Protect documentation, refer here.

2 - Application Protector

List of Application Protectors

2.1 - Application Protector

List of Application Protectors

2.1.1 - Application Protector Java

Details about Application Protector Java

The Protegrity Application Protector (AP) Java provides APIs that integrate with the customer application to protect, unprotect, and reprotect sensitive data. The AP Java can be used with any customer application that is developed using the Java programming language.

To perform protect and unprotect operations, refer to Application Protector Java APIs.

2.1.1.1 - Installing the Application Protector Java

Steps to install Application Protector Java

Setting up the Application Protector Java

Prerequisites

For a detailed information on the prerequistes, refer to System Requirements.

Integrating the Application Protector Java with PPC

To integrate the Application Protector Java with PPC, perform the following steps:

Install and set up the PPC using the steps from the Installing PPC documentation.
Preparing the environment using the steps mentioned in the section Preparing the Environment.
Install the Application Protector Java using the steps mentioned in the section Application Protector Java Installation.
Note: When prompted for the ESA IP address, enter the PPC FQDN as configured in Step 4 of Deploying PPC. Ensure the FQDN does not exceed 50 characters. For the ESA listening port, enter 25400. These specific values are required to integrate the protector with the PPC.

Post Configuration Steps

For a detailed information on the post configuration steps, refer to Verifying Installation of AP Java.

2.1.1.2 - Uninstalling the Application Protector Java

Steps to uninstall Application Protector Java

Uninstalling the Application Protector Java

For more information about uninstalling the Application Protector Java, refer to Uninstalling the Application Protector Java.

Deleting the PPC

For more information about deleting the PPC, refer to Deleting PPC.

2.1.2 - Application Protector Python

Details about Application Protector Python

The Protegrity Application Protector (AP) Python provides APIs that integrate with the customer application to protect, unprotect, and reprotect sensitive data. The AP Python can be used with any customer application that is developed using the Python programming language.

To perform protect and unprotect operations, refer to Application Protector Python APIs.

2.1.2.1 - Installing the Application Protector Python

Steps to install Application Protector Python

Setting up the Application Protector Python

Prerequisites

For a detailed information on the prerequistes, refer to System Requirements.

Integrating the Application Protector Python with PPC

To integrate the Application Protector Python with PPC, perform the following steps:

Install and set up the PPC using the steps from the Installing PPC documentation.
Preparing the environment using the steps mentioned in the section Preparing the Environment.
Install the Application Protector Python using the steps mentioned in the section Application Protector Python Installation.
Note: When prompted for the ESA IP address, enter the PPC FQDN as configured in Step 4 of Deploying PPC. Ensure the FQDN does not exceed 50 characters. For the ESA listening port, enter 25400. These specific values are required to integrate the protector with the PPC.

Post Configuration Steps

For a detailed information on the post configuration steps, refer to Verifying the installation of AP Python.

2.1.2.2 - Uninstalling the Application Protector Python

Steps to uninstall Application Protector Python

Uninstalling the Application Protector Python

For more information about uninstalling the Application Protector Python, refer to Uninstalling the Application Protector Python.

Deleting the PPC

For more information about deleting the PPC, refer to Deleting PPC.

2.1.3 - Application Protector .Net

Details about Application Protector .Net

The Protegrity Application Protector (AP) .Net provides APIs that integrate with customer applications to protect, unprotect, and reprotect sensitive data. It can be used with any application developed using .NET Standard 2.0.

To perform protect and unprotect operations, refer to the section Application Protector .Net APIs.

2.1.3.1 - Installing the Application Protector .Net

Steps to install Application Protector .Net

Setting up the Application Protector .Net

Prerequisites

For a detailed information on the prerequistes, refer to System Requirements.

Integrating the Application Protector .Net with PPC

To integrate the Application Protector .Net with PPC, perform the following steps:

Install and set up the PPC using the steps from the Installing PPC documentation.
Preparing the environment using the steps mentioned in the section Preparing the Environment.
Install the Application Protector Java using the steps mentioned in the section Application Protector .Net Installation.
Note: When prompted for the ESA IP address, enter the PPC FQDN as configured in Step 4 of Deploying PPC. Ensure the FQDN does not exceed 50 characters. For the ESA listening port, enter 25400. These specific values are required to integrate the protector with the PPC.

Post Configuration Steps

For a detailed information on the post configuration steps, refer to Verifying Installation of AP .Net.

2.1.3.2 - Uninstalling the Application Protector .Net

Steps to uninstall Application Protector .Net

Uninstalling the Application Protector .Net

For more information about uninstalling the Application Protector .Net, refer to Uninstalling the Application Protector .Net.

Deleting the PPC

For more information about deleting the PPC, refer to Deleting PPC.

2.2 - Application Protector Java Container

Details about Application Protector Java Container

Application Protector Java Container is a Kubernetes-based solution to perform security operations using Application Protector Java SDKs in a native cloud environment.

To perform protect and unprotect operations, refer to Application Protector Java Container.

2.2.1 - Installing the Application Protector Java Container

Steps to install Application Protector Java Container

Setting up the Application Protector Java Container

The Protegrity Application Protector Java Container provides a robust and scalable APIs designed to simplify integration of Protegrity functions across your systems. Whether you are building custom applications, streamlining workflows, or enabling third-party access, our API offers secure, reliable, and well-documented interface.

Prerequisites

For a detailed information on the prerequistes, refer to System Requirements.

Integrating the Application Protector Java Container with PPC

Before you begin

Ensure that the credentials for the My.Protegrity portal are set up and the PPC Cluster is installed and accessible.

For more information about setting up the credentials for the My.Protegrity portal, refer to the section Configuring Authentication for Protegrity AI Team Edition.

For more information about installing PPC, refer to the section Installing PPC.

To integrate the Application Protector Java Container with PPC, perform the following steps:

Preparing the environment using the steps mentioned in the section Preparing the Environment.
Install the Application Protector Java Container using the steps mentioned in the section Installing the Protector.

Note: When prompted for the ESA IP address, enter the PPC FQDN as configured in Step 4 of Deploying PPC. Ensure the FQDN does not exceed 50 characters. For the ESA listening port, enter 25400. These specific values are required to integrate the protector with the PPC.

2.3 - REST Container

Details about REST Container.

REST Container is a Kubernetes-based solution to perform security operations using REST APIs in a native cloud environment.

To perform protect and unprotect operations, refer to REST Container.

2.3.1 - Installing the REST Container

Steps to install REST Container

Setting up the REST Container

The Protegrity REST Container provides a robust and scalable REST API designed to simplify integration of Protegrity functions across your systems. Whether you are building custom applications, streamlining workflows, or enabling third-party access, our API offers secure, reliable, and well-documented endpoints to help you achieve your goals efficiently. With support for standard HTTP methods and JSON payloads, developers can quickly get started.

Prerequisites

For a detailed information on the prerequistes, refer to System Requirements.

Integrating the REST Container with PPC

Before you begin

Ensure that the credentials for the My.Protegrity portal are set up and the PPC Cluster is installed and accessible.

For more information about setting up the credentials for the My.Protegrity portal, refer to the section Configuring Authentication for Protegrity AI Team Edition.

For more information about installing PPC, refer to the section Installing PPC.

To integrate the REST Container with PPC, perform the following steps:

Preparing the environment using the steps mentioned in the section Preparing the Environment.
Install the REST Container using the steps mentioned in the section Installing the Protector.

Note: When prompted for the ESA IP address, enter the PPC FQDN as configured in Step 4 of Deploying PPC. Ensure the FQDN does not exceed 50 characters. For the ESA listening port, enter 25400. These specific values are required to integrate the protector with the PPC.

3 - Repository Protector

List of Repository Protectors

3.1 - Amazon EMR Protector

Using Amazon EMR Protector

The Big Data Protector UDFs and APIs provide a robust framework for securing sensitive data within EMR environments on AWS. These components are part of the Protegrity Big Data Protector architecture, enabling developers and data engineers to integrate advanced data protection directly into big data workflows. The User Defined Functions (UDFs) allow seamless encryption, tokenization, and de-tokenization of sensitive fields during Hive and Spark. By embedding Protegrity UDFs into SQL queries, organizations can enforce column-level security without altering application logic. This ensures compliance while maintaining analytical performance.

To perform protect and unprotect operations using the User Defined Functions, refer to User Defined Functions and APIs.

3.1.1 - Installing the Amazon Elastic MapReduce Protector

Steps to install the Amazon Elastic MapReduce Protector

Setting up the Amazon EMR Protector

The Amazon EMR Protector v10.0.0 is part of the Protegrity Big Data Protector suite, designed to secure sensitive data in distributed processing environments on AWS Elastic MapReduce (EMR). This protector enables organizations to run analytics on large-scale datasets while ensuring compliance with stringent data privacy regulations.

The Bootstrap Installer is designed to automate the deployment of the Protegrity Big Data Protector (BDP) components during the creation of an Amazon EMR cluster. By leveraging AWS bootstrap actions, this method ensures that all required libraries, configuration files, and services are installed and configured as part of the cluster initialization process.

The Static Installer provides a manual or scripted approach for installing BDP components on existing EMR clusters. This method is best suited for environments where clusters are persistent or require custom installation steps outside the bootstrap lifecycle.

Prerequisites

Register the jumpbox

To register and prepare the jumpbox, refer to Registering and preparing the jumpbox.

For a detailed information on the prerequistes for the Bootstrap installer, refer to Verifying the prerequisites.

For a detailed information on the prerequistes for the Static installer, refer to Verifying the prerequisites for Static Installer.

Integrating the Amazon EMR Protector with Protegrity Provisioned Cluster (PPC)

To integrate the Amazon EMR Protector with PPC, perform the following steps:

Install the EMR protector using the bootstrap installer as per steps mentioned in the section Using the Bootstrap Installer.

Install the EMR protector using the static installer as per steps mentioned in the section Using the Static Installer.

Note: When prompted for the ESA IP address, enter the PPC FQDN as configured in Step 4 of Deploying PPC. Ensure the FQDN does not exceed 50 characters. For the ESA listening port, enter 25400. These specific values are required to integrate the protector with the PPC.

Post Configuration Steps

For a detailed information on the post configuration steps, refer to Configuring the Protector.

3.1.2 - Uninstalling the Amazon Elastic MapReduce Protector

Steps to uninstall the Amazon Elastic MapReduce Protector

For more information about uninstalling the Amazon EMR Protector, refer to Uninstalling the protector.

3.2 - AWS Databricks Protector

Using AWS Databricks Protector

The Protegrity Big Data Protector for AWS Databricks delivers end‑to‑end data protection. Organizations deploying the Big Data Protector rely on modern, supported storage options such as Workspace storage, Unity Catalog Volumes, and cloud object storage like Amazon S3.

Designed to secure sensitive data across analytics pipelines, the Big Data Protector applies advanced tokenization and encryption during Spark execution and enforces centralized, policy‑driven controls. Whether installed via Workspace-backed paths or deployed using S3 buckets for configuration and script delivery, the Protector ensures resilient execution across AWS Databricks clusters.

By embracing cloud‑native storage paths, this approach ensures long‑term compatibility with Databricks platform changes while maintaining Protegrity’s standard of seamless and transparent protection. Organizations can continue to process high‑value datasets on AWS Databricks with confidence—knowing that sensitive information is secured across its lifecycle, even as the underlying platform evolves.

The Protegrity Big Data Protector for AWS Databricks empowers organizations to secure sensitive data across their analytics pipelines by combining high‑performance protection mechanisms with flexible deployment models tailored for modern cloud architectures. Central to this capability are two approaches; Application Protector REST (AP REST) and Cloud Protector approach. Each approach is designed to address different customer requirements around scalability, infrastructure usage, and cost optimization.

3.2.1 - Installing the AWS Databricks Protector

Steps to install the AWS Databricks Protector

Prerequisites

For more information about the prerequisites, refer to the sections listed below.

Register the jumpbox

To register and prepare the jumpbox, refer to Registering and preparing the jumpbox.

For the Application Protector REST Approach

For more information about the prerequisites, refer to For the Application Protector REST Approach.

For the Cloud Protector Approach

For more information about the prerequisites, refer to For the Cloud Protector Approach

Preparing the Environment

For more information about the preparing the environment, refer to Preparing the Environment.

Installing the Protector

For more information about installing the protector, refer to Creating the User Defined Functions.

Integrating the AWS Databricks Protector with Protegrity Provisioned Cluster (PPC)

To integrate the AWS Databricks Protector with PPC, perform the following steps:

When prompted for the ESA IP address, enter the PPC FQDN as configured in Step 4 of Deploying PPC. Ensure the FQDN does not exceed 50 characters. For the ESA listening port, enter 25400. These specific values are required to integrate the protector with the PPC.

Configuring the Protector

For more information about protector configuration, refer to Editing the Cluster Configuration.

3.2.2 - Uninstalling the AWS Databricks Protector

Steps to uninstall the AWS Databricks Protector

For more information about uninstalling the AWS Databricks Protector, refer to Dropping the User Defined Functions.

3.3 - CDP-AWS-DataHub Protector

Using CDP-AWS-DataHub Protector

The CDP-AWS-DataHub UDFs and APIs provide a robust framework for securing sensitive data within Cloudera Data Platform (CDP) environments on AWS. These components are part of the Protegrity Big Data Protector architecture, enabling developers and data engineers to integrate advanced data protection directly into big data workflows. The User Defined Functions (UDFs) allow seamless encryption, tokenization, and de-tokenization of sensitive fields during Hive, Spark, and Impala operations. By embedding Protegrity UDFs into SQL queries, organizations can enforce column-level security without altering application logic. This ensures compliance while maintaining analytical performance.

To perform protect and unprotect operations using the User Defined Functions, refer to User Defined Functions and APIs.

3.3.1 - Installing the CDP-AWS-DataHub Protector

Steps to install the CDP-AWS-DataHub Protector

Setting up the CDP-AWS-DataHub Protector

The CDP-AWS-DataHub Protector v10.0.0 secures sensitive data across the Cloudera Data Platform (CDP) environments hosted on AWS. The protector leverages Protegrity’s tokenization and encryption features to secure data at rest, in transit, and during processing within AWS DataHub clusters.

Prerequisites

For a detailed information on the prerequistes, refer to System Requirements.

Register the jumpbox

To register and prepare the jumpbox, refer to Registering and preparing the jumpbox.

Integrating the CDP-AWS-DataHub Protector with Protegrity Provisioned Cluster (PPC)

To integrate the CDP-AWS-DataHub Protector with PPC, perform the following steps:

Preparing the environment using the steps mentioned in the section Preparing the Environment.
Install the Big Data Protector using the steps mentioned in the section Installing the Big Data Protector.

Note: When prompted for the ESA IP address, enter the PPC FQDN as configured in Step 4 of Deploying PPC. Ensure the FQDN does not exceed 50 characters. For the ESA listening port, enter 25400. These specific values are required to integrate the protector with the PPC.

Post Configuration Steps

For a detailed information on the post configuration steps, refer to Configuring the Big Data Protector.

3.3.2 - Uninstalling the CDP-AWS-DataHub Protector

Steps to uninstall the CDP-AWS-DataHub Protector

For more information about uninstalling the CDP AWS DataHub Protector, refer to Uninstalling the Big Data Protector.