Optional steps for AWS and Azure
Optional - Using custom certificates in Ingress
Protegrity Anonymization uses certificates for secure communication with the client. You can use the certificates provided by Protegrity or use your own certificates. Complete the configurations provided in this section to use your custom certificates with the Ingress Controller.
Ensure that the certificates and keys are in the .pem format.
Note: Skip the steps provided in this section if you want to use the default Protegrity certificates for Protegrity Anonymization.
Log in to the Base Machine where Ingress is configured and open a command prompt.
Copy your certificates to the Base Machine.
Create a Kubernetes secret of the server certificate using the following command. The namespace used must be the same where Protegrity Anonymization application is to be deployed.
```
kubectl create secret --namespace <namespace-name> generic <secret-name> --from-file=tls.crt=<path_to_certificate>/<certificate-name> --from-file=tls.key=<path_to_certificate>/<certificate-key>
```
For example,
```
kubectl create secret --namespace anon-ns generic anon-protegrity-tls --from-file=tls.crt=/tmp/cust_cert/anon-server-cert.pem --from-file=tls.key=/tmp/cust_cert/anon-server-key.pem
```
Create a Kubernetes secret of the CA certificate using the following command. The namespace used must be the same where the Protegrity Anonymization application is to be deployed.
```
kubectl create secret --namespace <namespace-name> generic <secret-name> --from-file=ca.crt=<path_to_certificate>/<certificate-name>
```
For example,
```
kubectl create secret --namespace anon-ns generic ca-protegrity --from-file=ca.crt=/tmp/cust_cert/anon-ca-cert.pem
```
Open the values.yaml file.
Add the following host and secret code for the Ingress configuration at the end of the values.yaml file.
```
## Refer section in documentation for setting up and configuring NGINX-INGRESS before deploying the application.
ingress:
  ## Add host section with the hostname used as CN while creating server certificates.
  ## While creating the certificates you can use *.protegrity.com as CN and SAN used in below example
  host: anon.protegrity.com # Update the host according to your server certificates.

  ## To terminate TLS on the Ingress Controller Load Balancer.
  ## K8s TLS Secret containing the certificate and key must also be provided.
  secret: anon-protegrity-tls # Update the secretName according to your secretName.

  ## To validate the client certificate with the above server certificate
  ## Create the secret of the CA certificate used to sign both the server and client certificate as shown in example below
  ca_secret: ca-protegrity # Update the ca-secretName according to your secretName.
  ingress_class: nginx-anon
```
Note: Ensure that you replace the host, secret, and ca_secret attributes in the values.yaml file with the values as per your certificate.
For more information about using custom certificates, refer to Enabling custom certificates from SDK.
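Before creating the two secrets, you can confirm that the files meet the requirements stated in this section: PEM format, a key that belongs to the server certificate, a server certificate signed by the CA, and a CN/SAN that covers the Ingress host. The script below is an added example, not part of the Protegrity documentation or product; the function name check_ingress_certs is hypothetical and the script assumes OpenSSL 1.1.1 or later on the Base Machine.

```shell
#!/bin/sh
# Added example (not Protegrity code): pre-flight checks for the custom
# Ingress certificates before running `kubectl create secret`.
# check_ingress_certs is a hypothetical helper; assumes OpenSSL 1.1.1+.
# Usage: check_ingress_certs <server-cert.pem> <server-key.pem> <ca-cert.pem> <host>
# Returns 0 if every check passes, 1 (with a FAIL line) on the first failure.
check_ingress_certs() {
  cert=$1; key=$2; ca=$3; host=$4

  # 1. All files must be PEM encoded, as this section requires.
  for f in "$cert" "$key" "$ca"; do
    grep -q -e '-----BEGIN ' "$f" 2>/dev/null ||
      { echo "FAIL: $f is missing or not PEM"; return 1; }
  done

  # 2. tls.key must be the private key of tls.crt: compare public keys.
  #    -passin pass: makes an encrypted key fail instead of prompting.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: private key does not match server certificate"; return 1
  fi

  # 3. The server certificate must chain to the CA stored in ca_secret
  #    (this also rejects an expired certificate).
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
    { echo "FAIL: server certificate is not signed by the CA"; return 1; }

  # 4. The host in values.yaml must be covered by the certificate's SAN/CN.
  #    -checkhost reports the result as text, so match on the message.
  openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
    grep -q 'does match certificate' ||
    { echo "FAIL: certificate does not cover host $host"; return 1; }

  echo "OK: $cert, $key and $ca are consistent for $host"
}

# Run the checks when the script is called with the four arguments.
if [ "$#" -eq 4 ]; then
  check_ingress_certs "$@"
fi
```

Run it with the same paths and host you pass to `kubectl create secret` and values.yaml, and create the secrets only after it prints the OK line.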
Optional - MinIO
MinIO uses an access key and a secret key to perform file operations. Protegrity provides a default set of credentials that are stored as part of the secret storage-creds. If you create your own secret, update the existingSecret section in the values.yaml file inside the Anon-helm folder.
```
anonstorage:
  ## Refer the following command for creating your own secret.
  ## CMD: kubectl create secret generic my-minio-secret --from-literal=rootUser=foobarbaz --from-literal=rootPassword=foobarbazqux
  existingSecret: "" # Supply your secret Name for ignoring below default credentials.
  bucket_name: "anonstorage" # Default bucket name for minio
  secret:
    name: "storage-creds" # Secret to access minio-server
    access_key: "anonuser" # Access key for minio-server
    secret_key: "protegrity" # Secret key for minio-server
```
Optional - Setting up logging for Protegrity Anonymization
Protegrity Anonymization centralizes logs into a file by leveraging the script Anon_logs.sh (edit according to your requirements). If you haven’t configured log forwarding, this is a quick way of obtaining logs from Protegrity Anonymization.
- Navigate to the base machine from where you deployed Protegrity Anonymization, which contains installation files.
- Use the Anon_logs.sh script to pull the logs from all the pods. You may need to assign execute permissions to be able to run Anon_logs.sh. You’ll be prompted for the namespace where Anonymization is deployed.
```
chmod +x Anon_logs.sh
./<path_to_script>/Anon_logs.sh
```