Enabling Custom Certificates from SDK

Steps to set up the certificates.

Protegrity Anonymization API uses certificates for secure communication with the client. You can use the certificates provided by Protegrity or use your own certificates. Complete the configurations provided in this section to use your custom certificates with the SDK.

Before you begin

Ensure that the certificates and keys are in the .pem format.

Note: If you want to use the default Protegrity certificates for the Protegrity Anonymization API, then skip the steps to set up the certificates provided in this section.

  1. Complete the configuration on the machine where the Protegrity Anonymization API SDK will be used.
    a. Create a directory that is named .pty_anon in the directory from where the SDK will run.
    b. Create certs in the .pty_anon directory.
    c. Create generated-certs in the certs directory.
    d. Create ca-cert in the generated-certs directory.
    e. Create cert in the generated-certs directory.
    f. Create key in the generated-certs directory.
    g. Copy the client certificates and key to the respective directories in the .pty_anon/certs/ generated-certs directory.
    The directory structure will be as follows:

    .pty_anon/certs/generated-certs/ca-cert/CA-xyz-cert.pem
.pty_anon/certs/generated-certs/key/xyz-key.pem
.pty_anon/certs/generated-certs/cert/xyz-cert.pem

    Make sure that you are using valid certificates. Users can validate the certificates using the commands provided in the section Working with certificates.

    h. Create a config.yaml file in the .pty_anon directory with the following Ingress Endpoint defined under CLUSTER_ENDPOINT. The BUCKET_NAME, ACCESS_KEY, and SECRET_KEY are the default details that are used to communicate with the S3 bucket container for reading and writing files from SDK.

    STORAGE:
  CLUSTER_ENDPOINT: https://anon.protegrity.com/
  BUCKET_NAME: 'anonstorage'
  ACCESS_KEY: 'anonuser'
  SECRET_KEY: 'protegrity'

    Note: Ensure that you replace anon.protegrity.com with your host name specified in values.yaml. Also, ensure that you update the default credentials if you have used your own secret.

  2. Updating the hosts file.
    a. Log in to the machine where the Protegrity Anonymization API SDK will be used.
    b. Update the hosts file with the following code according to your setup.

    For Kubernetes:

    <LB-IP of Ingress> <host defined for ingress in values.yaml>

    For Docker:

    <LB-IP of Ingress> <server_name defined in nginx.conf>

    For example,

    XX.XX.XX.XX anon.protegrity.com

The URL can now be used while creating the Connection Object in the SDK, such as, conn = anonsdk.Connection(“https://anon.protegrity.com/").


Last modified : February 18, 2026