Configuration

Philter has many options to control how it operates. The options and how to configure them are described below.

Note that the configuration of individual PHI/PII filters are managed through filter profiles.

Configuration Properties

How Philter runs and the types of data it filters are controlled via its properties file application.properties. A description of the available options is below. Any changes to these settings requires Philter to be restarted for the changes to take affect.

General Settings

These values configure the general operation operation of Philter.

Option Description Allowed Values Default Value
server.port The port Philter’s REST API listens on. Any available port. 8080
rest.api.enabled Whether or not Philter’s REST API is enabled. true,false true
metrics.enabled Enables metrics reporting via JMX. truefalse true
filter.profiles.directory The directory in which to look for filter profiles. Any valid directory path. ./profiles/

REST API SSL

The REST API can be configured to use an SSL listener. When Philter is deployed via the AWS or Windows Azure marketplaces or DockerHub, SSL will already be enabled via a self-signed certificate. It is recommended you replace this self-signed certificate with a valid certificate from your organization. When configured, the SSL listener will be available on the port defined by server.port.

Option Description Allowed Values Default Value
server.ssl.key-store-type The type of keystore. PKCS12 or JKS No default value.
server.ssl.key-store Full path to the keystore file. File path. No default value.
server.ssl.key-store-password The keystore’s password. A valid password. No default value.
server.ssl.key-alias The certificate alias in the keystore. A valid alias. No default value.
security.require-ssl Whether or not SSL is enabled. true or false false

An example configuration is shown below:

# SSL certificate settings
server.ssl.key-store-type=PKCS12
server.ssl.key-store=/opt/philter/ssl/philter.p12
server.ssl.key-store-password=Password123!
server.ssl.key-alias=philter
security.require-ssl=true

The command that generated the self-signed certificate used above:

keytool -genkeypair -keypass Password123! -dname "CN=philter, O=philter, C=US\ -alias philter -keyalg RSA -keysize 4096 -storepass Password123! -storetype PKCS12 -keystore /opt/philter/ssl/philter.p12 -validity 3650

Anonymization Cache Service

The anonymization cache service is required to use consistent anonymization.

The anonymization cache will contain PHI. It is important that you take the necessary precautions to secure the cache and all communication to and from the cache.
Option Description Allowed Values Default Value
anonymization.cache.service Specifies the type of anonymization cache service. localredis local
anonymization.cache.service.host The hostname or IP address of the Redis cache. Any valid Redis endpoint. localhost
anonymization.cache.service.port The Redis cache port. Any valid port. 6379
anonymization.cache.service.ssl Whether or not to use SSL for communication with the Redis cache. truefalse true

Streaming

These properties are required when using Philter streaming.

Option Description Allowed Values Default Value
kafka.topic.inbound The name of the incoming Kafka topic containing the PHI text. Any valid Kafka topic name phi
kafka.topic.outbound Any valid Kafka topic name The name of the outgoing Kafka topic for the filtered text. no-phi
kafka.group.id The group ID for the Kafka consumer. Any valid identifier A random UUID value.
kafka.brokers The Kafka brokers. Any valid Kafka broker endpoint(s) localhost:9092
streaming.response.format The format in which filtered text will be published to the Kafka topic. For a description of the JSON format see Filtering via Streaming. jsonplain json

Kafka Streaming SSL

Refer to the Apache Kafka documentation for more information on the following configuration settings.

Option Description Default Value
kafka.security.protocol The Kafka security protocol. No default value.
kafka.ssl.truststore.location The Kafka trust store. No default value.
kafka.ssl.truststore.password The Kafka trust store password. No default value.
kafka.ssl.keystore.location The Kafka key store. No default value.
kafka.ssl.keystore.password The Kafka key store password. No default value.
kafka.ssl.key.password The password of the private key in the key store file. No default value.
Was this article helpful to you? Yes No

How can we help?