Configuration

Philter has many options to control how it operates. The options and how to configure them are described below.

Configuration Properties

How Philter runs and the types of data it filters are controlled via its properties file application.properties. A description of the available options is below. Any changes to these settings requires Philter to be restarted for the changes to take affect.

General Settings

These values configure the general operation operation of Philter.

Option Description Allowed Values Default Value
server.port The port Philter’s REST API listens on. Any available port. 8080
rest.api.enabled Whether or not Philter’s REST API is enabled. true,false true
metrics.enabled Enables metrics reporting via JMX. truefalse true

REST API SSL

The REST API can be configured to use an SSL listener. When Philter is deployed via the AWS or Windows Azure marketplaces or DockerHub, SSL will already be enabled via a self-signed certificate. It is recommended you replace this self-signed certificate with a valid certificate from your organization. When configured, the SSL listener will be available on the port defined by server.port.

Option Description Allowed Values Default Value
server.ssl.key-store-type The type of keystore. PKCS12 or JKS No default value.
server.ssl.key-store Full path to the keystore file. File path. No default value.
server.ssl.key-store-password The keystore’s password. A valid password. No default value.
server.ssl.key-alias The certificate alias in the keystore. A valid alias. No default value.
security.require-ssl Whether or not SSL is enabled. true or false false

An example configuration is shown below:

# SSL certificate settings
server.ssl.key-store-type=PKCS12
server.ssl.key-store=/opt/philter/ssl/philter.p12
server.ssl.key-store-password=Password123!
server.ssl.key-alias=philter
security.require-ssl=true

The command that generated the self-signed certificate used above:

keytool -genkeypair -keypass Password123! -dname "CN=philter, O=philter, C=US\ -alias philter -keyalg RSA -keysize 4096 -storepass Password123! -storetype PKCS12 -keystore /opt/philter/ssl/philter.p12 -validity 3650

General Filters

These values configure the general filters. Note that all filters are enabled by default and a filter will only be disabled by setting the respective property to a value other than true.

Option Description Allowed Values Default Value
filter.city.enabled Enables filtering of US cities. truefalse true
filter.county.enabled Enables filtering of US counties. truefalse true
filter.credit.card.enabled Enables filtering of credit card numbers. truefalse true
filter.icd9.enabled Enables filtering of ICD-9 codes. truefalse true
filter.icd10.enabled Enables filtering of ICD-10 codes. truefalse true
filter.orangebook.enabled Enables filtering of OrangeBook medications. truefalse true
filter.date.enabled Enables filtering of dates. truefalse true
filter.email.enabled Enables filtering of email addresses. true,false true
filter.id.enabled Enables filtering of ID numbers (sequences of alphanumberic characters). truefalse true
filter.ip.enabled Enables filtering of IP (v4 and v6) addresses. truefalse true
filter.ner.persons.enabled Enables filtering person names. truefalse true
filter.ner.locations.enabled Enables filtering of locations. truefalse true
filter.phone.enabled Enables filtering of phone numbers. truefalse true
filter.ssn.enabled Enables filtering of US social security numbers. truefalse true
filter.state.enabled Enables filtering of US states. truefalse true
filter.url.enabled Enables filtering of URLs. truefalse true
filter.vin.enabled Enables filtering of Vehicle Identification Numbers. truefalse true
filter.zipcode.enabled Enables filtering of US zip codes. truefalse true

Anonymization

See Anonymization for details on the anonymization capabilities.

Option Description Allowed Values Default Value
filter.city.anonymize Enables anonymizing US cities. truefalse false
filter.county.anonymize Enables anonymizing US counties. truefalse false
filter.icd9.anonymize Enables anonymizing ICD-9 codes. truefalse false
filter.icd10.anonymize Enables anonymizing ICD-10 codes. truefalse false
filter.orangebook.anonymize Enables anonymizing OrangeBook medications. truefalse false
filter.date.anonymize Enables anonymizing dates. truefalse false
filter.id.anonymize Enables anonymizing ID numbers (sequences of alphanumberic characters). truefalse false
filter.ip.anonymize Enables anonymizing IP (v4 and v6) addresses. truefalse false
filter.ner.persons.anonymize Enables anonymizing person names. truefalse false
filter.ner.locations.anonymize Enables anonymizing locations. truefalse false
filter.phone.anonymize Enables anonymizing phone numbers. truefalse false
filter.ssn.anonymize Enables anonymizing US social security numbers. truefalse false
filter.state.anonymize Enables anonymizing US states. truefalse false
filter.url.anonymize Enables anonymizing URLs. truefalse false
filter.vin.anonymize Enables anonymizing Vehicle Identification Numbers. truefalse false
filter.zipcode.anonymize Enables anonymizing US zip codes. truefalse false

Anonymization Cache Service

The anonymization cache service is required to use consistent anonymization.

The anonymization cache will contain PHI. It is important that you take the necessary precautions to secure the cache and all communication to and from the cache.
Option Description Allowed Values Default Value
anonymization.cache.service Specifies the type of anonymization cache service. localredis local
anonymization.cache.service.host The hostname or IP address of the Redis cache. Any valid Redis endpoint. localhost
anonymization.cache.service.port The Redis cache port. Any valid port. 6379
anonymization.cache.service.ssl Whether or not to use SSL for communication with the Redis cache. truefalse true

Streaming

These properties are required when using Philter streaming.

Option Description Allowed Values Default Value
kafka.topic.inbound The name of the incoming Kafka topic containing the PHI text. Any valid Kafka topic name phi
kafka.topic.outbound Any valid Kafka topic name The name of the outgoing Kafka topic for the filtered text. no-phi
kafka.group.id The group ID for the Kafka consumer. Any valid identifier A random UUID value.
kafka.brokers The Kafka brokers. Any valid Kafka broker endpoint(s) localhost:9092
streaming.response.format The format in which filtered text will be published to the Kafka topic. For a description of the JSON format see Filtering via Streaming. jsonplain json

Kafka Streaming SSL

Refer to the Apache Kafka documentation for more information on the following configuration settings.

Option Description Default Value
kafka.security.protocol The Kafka security protocol. No default value.
kafka.ssl.truststore.location The Kafka trust store. No default value.
kafka.ssl.truststore.password The Kafka trust store password. No default value.
kafka.ssl.keystore.location The Kafka key store. No default value.
kafka.ssl.keystore.password The Kafka key store password. No default value.
kafka.ssl.key.password The password of the private key in the key store file. No default value.
Was this article helpful to you? Yes No

How can we help?