Privacy data access groups configuration

When using the privacy methods activate the option and fill in the storage block with database settings for storing the private data:

privacy {
  storage {
    vendor = "S3"
    url = "http://$minioHost:$minioPort"
    bucket = "policy"
    region = "aws-global"
    access-key-id = "minio"
    secret-access-key = "minio123"
    path-style-access-enabled = true
    connection-timeout = 10s
    connection-acquisition-timeout = 30s
    max-concurrency = 100
    read-timeout = 0s
  }
  # Data request timeout.
  request-timeout = 2 minute

  # First retry delay. With each attempt, the delay increases by 4/3.
  init-retry-delay = 30 seconds

  # Max parallel crawling tasks count.
  crawling-parallelism = 100

  # The number of attempts that the crawler will take before the data is marked as lost.
  max-attempt-count = 20

  # Delay between attempts to process the queue of lost items.
  lost-data-processing-delay = 10 minutes

  # Policy data responses cache
  cache {
  # Max count of elements
  max-size = 100
  # Time to expire for element if it hasn't got access during this time
  expire-after = 10m
  }

 }

Parameters description

  • vendor - selecting a data storage option: s3 - cloud or local storage based on Amazon Simple Storage Service (S3), postgres - local storage based on PostgreSQL DB. A Minio server is used for the data storage.

PostgreSQL DB parameters:

  • url - the PostgreSQL DB address;

  • driver - the JDBC driver name;

  • profile - a profile name for the JDBC access;

  • user - a user name for the DB access;

  • password - a password for the DB access;

  • connectionPool - a connection pool name, default is HikariCP.

  • connectionTimeout - a connection timeout;

  • connectionTestQuery - a query name for the connection test;

  • queueSize - a requests queue size;

  • numThreads - a number of parallel connections;

  • schema - an interaction scheme;

  • migration-dir - a path to the data migration directory.

S3 parameters:

  • url - an address of the S3 server for data storage, Minio servers are supported;

  • bucket - a name of the S3 database table to store data;

  • region - the name of the S3 region, the parameter value is aws-global;

  • access-key-id - ID of the data access key;

  • secret-access-key - key for accessing data in S3 storage;

  • path-style-access-enabled = true - immutable parameter for specifying the path to the S3 table;

  • connection-timeout - a connection timeout;

  • connection-acquisition-timeout - a timeout to get a connection;

  • max-concurrency - a number of concurrent accesses to the storage;

  • read-timeout - data read timeout.

Other parameters:

  • request-timeout - a waiting timeout for all responses from peers to a data request.

  • init-retry-delay - a delay from the receiving of the data hash to the start of its search among peers.

  • crawling-parallelism - a limitation of the maximum number of simultaneous processes in the synchronizer.

  • max-attempt-count - the maximum number of rounds for requesting data from peers after which data is considered “lost”.

  • lost-data-processing-delay - an interval of rounds of requests for “lost” data.

  • cache - responses cache settings.

DB PostgreSQL is using as a database for the confidential data storage. The database should be installed on the same machine with the node and should have an DB access account. You can use the PostgreSQL tutorial for download and install the database according with your operation system type.

During the installation the system will offer to create an access account. These credentials must be entered into the appropriate user/password parameters.

Specify the URL for the PostgreSQL connection into the url parameter. URL consists of:

  • POSTGRES_ADDRESS - a PostgreSQL host address;

  • POSTGRES_PORT - a PostgreSQL host port number;

  • POSTGRES_DB - a PostgreSQL name.

You can specify the PostgreSQL credentials with the URL in the same string. The example is represented bellow, where user=user_privacy_node_0@we-dev is a login, password=7nZL7Jr41qOWUHz5qKdypA&sslmode=require - a password with require option during the authorization.

Example

privacy.storage.url = "jdbc:postgresql://vostk-dev.postgres.database.azure.com:5432/privacy_node_0?user=user_privacy_node_0@we-dev&password=7nZL7Jr41qOWUHz5qKdypA&sslmode=require"