Philter has many options to control how it operates. The options and how to configure them are described below.

Philter is installed into /opt/philter and its log file is available at /var/log/philter.log.

Configuration Properties

Philter’s configuration properties file is This file is located in Philter’s installation directory. Any changes to these settings requires Philter to be restarted for the changes to take affect.

Note that the configuration of how Philter identifies and replaces PHI and PII are defined in filter profiles outside of Philter’s general configuration properties described here.

General Settings

These values configure the general operation operation of Philter.

Option Description Allowed Values Default Value
server.port The port Philter’s REST API listens on. Any available port. 8080 The directory in which to look for filter profiles. Any valid directory path. ./profiles/
logging.level.root Overrides Philter’s log level. INFO, DEBUG, ERROR INFO


These values configure how Philter reports metrics during its operations. For more information on the metrics collected and reported see Metrics.


Option Description Allowed Values Default Value
metrics.jmx.enabled Enables metrics reporting via JMX. truefalse false
metrics.cloudwatch.enabled Enables metrics reporting via AWS CloudWatch. truefalse false
metrics.cloudwatch.region The AWS CloudWatch region. Any valid AWS region name. us-east-1
metrics.cloudwatch.access.key The AWS CloudWatch access key. Leave blank to use IAM roles. An AWS access key. No default value.
metrics.cloudwatch.secret.key The AWS CloudWatch secret key. Leave blank to use IAM roles. An AWS secret key. No default value.
metrics.cloudwatch.namespace The AWS CloudWatch namespace for the metrics. Any valid namespace name. Philter
metrics.datadog.enabled Enables metrics reporting via Datadog. truefalse false
metrics.datadog.apikey Your Datadog API key. Any valid Datadog API key. Philter


The REST API can be configured to use an SSL listener. When Philter is deployed via the AWS Marketplace, Windows Azure Marketplace or other third-party cloud marketplace, SSL will already be enabled via a self-signed certificate. It is recommended you replace this self-signed certificate with a valid certificate for your organization. When configured, the SSL listener will be available on the port defined by server.port.

Option Description Allowed Values Default Value
server.ssl.key-store-type The type of keystore. PKCS12 or JKS No default value.
server.ssl.key-store Full path to the keystore file. File path. No default value.
server.ssl.key-store-password The keystore’s password. A valid password. No default value.
server.ssl.key-alias The certificate alias in the keystore. A valid alias. No default value.
security.require-ssl Whether or not SSL is enabled. true or false false

An example configuration is shown below:

# SSL certificate settings

The command that generated the self-signed certificate referenced by the configuration above:

keytool -genkeypair -keypass Password123! -dname "CN=philter, O=philter, C=US\ -alias philter -keyalg RSA -keysize 4096 -storepass Password123! -storetype PKCS12 -keystore /opt/philter/ssl/philter.p12 -validity 3650

Anonymization Cache Service

The anonymization cache service is required to use consistent anonymization. The anonymization cache service stores PHI and its replacement values for future reference and replacement across documents and contexts.

The anonymization cache will contain PHI. It is important that you take the necessary precautions to secure the cache and all communication to and from the cache.
Option Description Allowed Values Default Value
anonymization.cache.service Specifies the type of anonymization cache service. localredis local The hostname or IP address of the Redis cache. Any valid Redis endpoint. localhost
anonymization.cache.service.port The Redis cache port. Any valid port. 6379
anonymization.cache.service.ssl Whether or not to use SSL for communication with the Redis cache. truefalse true

Filter Profile Registry

Philter can integrate with a Filter Profile Registry to provide centralized management of filter profiles. Usage of a Filter Profile Registry can be enabled by providing a value for the filter.profile.registry.endpoint property, and, similarly, can be disabled by not providing a value or by simply removing the property. When a filter profile registry is used, filter profiles will first be looked for in the registry, and if not found, Philter will look for the filter profile locally in the location defined by

Option Description Allowed Values Default Value
filter.profile.registry.endpoint The endpoint for the Filter Profile Registry. A valid HTTP/s endpoint. http://localhost:8080

Filtered Replacements Store

Locations in text replaced by Philter can be persisted to a MongoDB database. The following settings control if this functionality is enabled and the location of the MongoDB database. The store provides a historical reference of how the text was processed. This store will not contain PHI. It will only contain locations in the input text that Philter identified as PHI.

Option Description Allowed Values Default Value
store.enabled Whether or not to utilize the backend store for replaced values. truefalse false
store.elasticsearch.index The name of the Elasticsearch index to use. An index name. philter The hostname or IP address of the Elasticsearch instance. A hostname or IP address.
store.elasticsearch.scheme The protocol to use to connect to Elasticsearch. http or https https
store.elasticsearch.port The Elasticsearch port. A valid port number. 443
Was this article helpful to you? Yes No

How can we help?