Datasets

Step-by-step instructions for creating Datasets

Introduction

A Dataset is the primary building block (in the Ubiq Dashboard) of data that you choose to encrypt.

Datasets can be configured as two types:

1. Structured

  • Example: Data stored in a database column with a fixed length and type. Like a name, address, or SSN.

2. Unstructured

  • Example: Files (audio, video, PDF, text, etc.) stored in an unstructured data store such as AWS S3, Google Cloud Storage, or a Data Lake.

Given an application could have multiple data elements and data types that you’d like to encrypt, Datasets provide you a more logical and flexible representation of each.

Create a Dataset

  1. Prepare a secure location for storage of Ubiq API Key Credentials. The process of creating a Dataset will create cryptographic API Key Credentials for your application that will only be shown once in the Ubiq UI. To ensure confidentiality of encrypted data, it is important to keep these API Key Credentials secret. They should not be stored in standard files or checked into source code repositories. Additionally, the availability of these API Key Credentials is paramount. If lost or destroyed, they cannot be restored and data encrypted with those Credentials may be irrecoverable.

❗️

To ensure security of API Key Credentials, they should be stored in a well-managed and backed up secret management server or password vault.

  1. On the left side menu click Datasets.

  1. The Datasets panel appears.
1836

[Datasets Panel]

  1. Click on the + New Dataset button to enter the Dataset Creation Wizard.
1656

[Dataset Creation Wizard]

  1. Input the following Information:
    a) Dataset Name - An internal name that will be used to help you identify what data you're encrypting
    b) Description - A short description to keep track of your dataset definitions
    c) Dataset Group - Create a new Dataset Group or select an existing one
    d) Primary Key - Create a new Primary Key, or manually select an existing one
    e) Click Continue to input the Data Type that you will be encrypting
1836

[Example above shows Structured Data selected to be stored in Amazon RDS]

  1. Enter Data Type information.
    a) Select Structured or Unstructured
    b) Select the Storage Vendor (optional)
    c) Click Continue to go to the next step

  1. If you selected Structured Data, then you will be presented with the Structured Data Definition page. If you selected Unstructured Data, then you will skip Step 8 and go straight to Step 9 to review your settings.
1836

[Structured Data Definition Page]

  1. Enter Structured Data Definition parameters:
    a) Input Character Set - Acceptable input characters for encryption
    b) Output Character Set - Acceptable output characters for encryption
    c) Optional Partial Encryption (Activate if applicable for data masking) - See here for more about this feature
    1. If using the Partial Encryption option: Set the Passthrough Character Set (if any), Prefix and Suffix number of characters to leave unencrypted
    2. Test your Partial Encryption settings by inputing a sample input and verifying what that excrypted text will look like. Adjust as necessary (see example below for a Social Security Number)
Optional Partial Encryption Example for a Social Security Number

[Optional Partial Encryption Example for a Social Security Number]

d. Click Continue to go to the next page

📘

For the first time creating a Structured Data Definition, here are some suggested values for the variables:

Example: A U.S. Social Security Number (SSN)
Input character set: 0123456789
Output character set: 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
Passthrough: - (dash & space)
Min Input Length: 9
Max Input Length: 9

  1. Review all the setting for your New Dataset.
1652

[Review Page - Example without Partial Encryption]

      a) Click Create to generate the Dataset's API Key Credentials

1838

[Copy Keys Page]

  1. Copy Keys.

      a) Click Copy Key Credentials to save to your clipboard to use with a Ubiq Client Library

❗️

If you lose these API Key Credentials, then encrypted data may be inaccessible. Confidentially of these credentials is also critical to protecting encrypted data.

For these reasons, the API Key Credentials should be stored in a well-managed and backed-up secret management server or password vault.

      b) Click Continue. Once created, your new Dataset will be displayed on the Dataset Panel

  1. Return to the Dashboard Home at any time by clicking on the Ubiq logo or the Home button in the navigation pane.