• User Manuals /
  • Denodo Governance Bridge for Collibra - User Manual

Denodo Governance Bridge for Collibra - User Manual

Download original document


You can translate the document:

This is the user manual for Denodo Governance Bridge for Collibra. If you are using IBM® InfoSphere® Information Governance Catalog (IGC), check the Denodo Governance Bridge for IGC - User Manual. Alternatively, if you are using Microsoft Purview, refer to the Denodo Governance Bridge for Microsoft Purview - User Manual.

Overview

Denodo Governance Bridge for Collibra retrieves metadata from Denodo Platform, transforms and upserts it to a Collibra Platform instance as assets and complex relations.

On the other hand, Collibra Data Lineage does not currently support integration of Denodo data source. However it offers the opportunity to create a custom technical lineage following a specification. Conforming to this specification, called batch definition, the Denodo Governance Bridge for Collibra is able to create a folder with the necessary files to load the Denodo Technical Lineage into Collibra via Edge or via Lineage Harvester.

Denodo Governance Bridge for Collibra Synchronization Overview

Denodo Governance Bridge for Collibra provides a service that allows the user to keep synchronized the Collibra Platform instance with  the Denodo metadata.

The following metadata is fetched from Denodo Platform:

  • Database-icon.gif    Databases
  • Folder-icon.gif    Folders
  • DataSource-icon.gif    Data Sources
  • BaseView-icon.gif    Base Views
  • DerivedView-icon.gif    Derived Views
  • InterfaceView-icon.gif    Interface Views
  • Column-icon.gif    Columns

To carry out this integration, Denodo Governance Bridge for Collibra needs the creation of a  metamodel that is necessary to provide a structure for representing Denodo elements as Collibra assets. The table below shows how the data is mapped:

Denodo

Collibra Platform Asset Type

Database

Schema

Folder

Denodo Folder

Data Source

Denodo Data Source

Base View

Table

Derived View

Database View (Table type attribute: Derived View)

Interface View

Database View (Table type attribute: Interface View)

Materialized View

Database View (Table type attribute: Materialized View)

Private View

Database View (Table type attribute: Private View)

Column

Column

The following images show a Denodo database sample and its representation in Collibra Platform:

                      Figure 1 Denodo Platform database sample

 

Figure 2 Diagram example in Collibra Platform result of a Denodo Governance Bridge synchronization

It is important to highlight that Denodo Governance Bridge for Collibra is compatible with Collibra Edge since the 20240123 version. This means that a synchronization performed via Edge can be completed with the metadata imported using the Denodo Governance Bridge for Collibra and vice versa. Nevertheless, the changes required to achieve compatibility, aimed at matching structures and naming conventions in Edge, break the backward compatibility of the Denodo Governance Bridge for Collibra.

Denodo Governance Bridge for Collibra Technical Lineage Overview

Denodo Governance Bridge for Collibra provides a service endpoint that generates a folder with the custom technical lineage for Denodo according to the batch definition format. This technical lineage can be loaded into Collibra via the Lineage Harvester or via Edge.

Requirements

The Denodo Governance Bridge for Collibra requires Java 8 or later and the environment variables JAVA_HOME and PATH correctly configured.

It is also important to highlight that if there are Unicode characters, for example space characters, in the names of the elements to be synchronized or for which you are going to create technical lineage, you must have Unicode support enabled in the Denodo Virtual DataPort server to achieve a correct synchronization in Collibra.

Installation

The Denodo Governance Bridge distribution consists of three folders that contains the distribution for each module:

  • denodo-igc-governance-bridge-<version> for the Denodo Governance Bridge for IGC.
  • denodo-collibra-governance-bridge-<version> for the Denodo Governance Bridge for Collibra.
  • denodo-purview-governance-bridge-<version> for the Denodo Governance Bridge for Microsoft Purview.

Installation of the Denodo Governance Bridge for Collibra

The distribution of the Denodo Governance Bridge for Collibra consists of:

  • Command-line executable scripts for Windows and Linux (/bin folder)

  • Configuration files: application.properties and log4j2.xml (/conf folder)

  • A CMA file, denodo-collibra-metamodel.cma, that can be used to set up the Collibra Platform metamodel (/conf folder). See the Create Collibra metamodel section.

  • A sample JSON file, input-sync.json, required for the execution using the script to synchronize (/conf folder). See the Synchronization script subsection under the Synchronize Denodo VDP with Collibra Platform instance section.

  • A sample JSON file, input-technical-lineage.json, required for the execution using the script to generate technical lineage (/conf folder). See the Technical lineage generation script subsection under the Generate technical lineage section.

  • Java libraries (/lib folder)
  • Denodo Governance Bridge application jar:
    denodo-collibra-governance-bridge-<version>-jar

  • Denodo driver jar: denodo-vdp-jdbcdriver-<version>-full.jar

If you need to use a different Denodo driver version from the one that is distributed, you have to replace this jar by the Denodo driver of the proper version.

In order to install the Denodo Governance Bridge for Collibra, just download the .zip file and extract the tool into the desired folder.

Before running the Denodo Governance Bridge for Collibra, the user has to review and complete the application.properties file. It has some default properties that can be reset and some connection information that should be setted. Consult the section Configuration of the Denodo Governance Bridge for Collibra for more detailed information.

After completing the configuration and running the script denodo-collibra-governance-bridge.sh|bat available in the /bin folder, you can trigger the application.

Configuration of the Denodo Governance Bridge for Collibra

The application.properties file, available in the /conf folder, allows the user to set the properties required to run the application.

Collibra connection properties

  • collibra.url: URL of the Collibra Platform instance
  • collibra.username: username for the Collibra Platform instance
  • collibra.password: password for the Collibra Platform instance. It could be encrypted or clear. See the How to encrypt passwords section for a detailed explanation.

Denodo connection properties

  • denodo.driver-class-name: the class name of the Denodo JDBC driver
  • denodo.host: Denodo host name
  • denodo.username: username used to connect to Denodo Platform
  • denodo.password: password used to connect to Denodo Platform. It could be encrypted or clear. See the How to encrypt passwords section for a detailed explanation.
  • denodo.url: Denodo JDBC connection URL
  • denodo.restful.base-url: URL where the Denodo RESTful web service is deployed
  • denodo.restful.views-path: path to the views
  • denodo.datacatalog.base-url: URL for accessing the Denodo Data Catalog (available since Denodo 8.0)
  • denodo.datacatalog.views-path: path to the views (available since Denodo 8.0)

Collibra custom constants

These properties are used to map the custom types, required by the application to represent  the Denodo elements in Collibra (see the Create Collibra metamodel section for further information), to their Collibra Platform ID.

If the user setup the Collibra Platform instance using the included CMA file, these values can be left as is. Otherwise, please check the Mapping Collibra Platform type identifiers to custom constants subsection in the Create Collibra  metamodel section.

Technical lineage properties

There are two optional properties regarding the generation of technical lineage:

  • technical.lineage.destination.folder: the destination folder name. This folder will be available in the denodo-collibra-governance-bridge-<version> directory, after triggering the technical lineage generation, and will contain the files and folders necessary to create the technical lineage in Collibra. The default value is “TechnicalLineage”.

  • technical.lineage.flows.number.file: the number of flows per lineage.json file. This lineage file is created to define the lineage relation between two or more data objects. Each flow contains the path from a source to a target and defines the transformation code or transformation references to be processed by the Collibra Data Lineage service. If the user does not set a number of flows per file, the service will create a single lineage_1.json file.

Usage

Create Collibra metamodel

The Denodo Governance Bridge for Collibra needs a specific metamodel on the Collibra Platform instance. This expected metamodel includes some out-of-the-box types but it also includes custom types that the user should create before running this application.

This Denodo-Collibra integration includes a CMA file that can be used to prepare the required metamodel. However, this section will outline the custom elements that should be available on the Collibra Platform instance. This allows the user to create the metamodel on his own, without a CMA file.

Domain

The user must create a Domain or Domains with the Physical Data Dictionary type where the Denodo integration assets will be upserted.

The CMA creates a root-level community named Denodo-Collibra Integration that has a domain named Denodo Data Dictionary. Note that only one domain (Denodo-Collibra Integration ) is included in the CMA. However, this integration supports separate domains for each Denodo database.

Asset Types

Asset Type

Description

Parent Asset Type

Denodo Folder

Represents a Denodo folder

BI Folder

Denodo Data Source

Represents a Denodo data source

BI Data Source

Attribute Types

Attribute Type

Description

Kind

Dependency Type

The dependency (e.g. Union) between two views

Text

Multiplicity

The multiplicity of the column-to-column associations

Text

Left Role Description

The left role description of the column-to-column associations

Text

Right Role Description

The right role description of the column-to-column associations

Text

Cache Status

The cache status of the respective view

Text

View Status

The status of the respective view (available since Denodo 8.0)

Text

Relation Types

Head

Role

Co-Role

Tail

Schema

contains

is part of

Denodo Folder

Complex Relation Types

Head

Leg 1

Leg 2

Attributes

Description

Denodo View

Dependency

Name

Name

Dependency Type

Complex relation type used to provide the Denodo views

lineage

source

target

Asset Type

Asset type

Table (1:N)

Table (1:1)

Denodo Column

Association

Name

Name

Multiplicity

Left Role Description

Right Role Description

Complex relation type used to represent the column-to-

column associations

source

target

Asset Type

Asset Type

Column (1:1)

Column (1:1)

Scope

A custom scope should be created in Collibra Data Intelligence Cloud in order to refer to it in the assignments created during the set up configuration. It must also be added to the domain or domains where the Denodo assets are upserted.

The CMA file creates Denodo-Collibra Integration Scope

Assignments

The following scoped assignments should be created:

Asset Type

Add

Schema

Relations: contains Denodo Folder

Denodo Folder

Relations: is part of Schema

Table

Attributes: URL, Cache Status, View Status

Relations: Denodo View Dependency

Database View

Attributes: URL, Cache Status, View Status

Relations: Denodo View Dependency

Column

Relations: Denodo Column Association

Mapping Collibra Platform type identifiers to custom constants

Once the metamodel is created without using the CMA file, the custom constants identifiers available in the application.properties file have to be updated.

The table below shows the mapping between Collibra Platform type and custom constants:

Collibra Platform type

Custom constant

Denodo Folder

customconstant.denodo.folder

Denodo Data Source

customconstant.denodo.data.source

Dependency Type

customconstant.denodoview.complexrelation.dependencytype

Multiplicity

customconstant.denodoassociation.complexrelation.multiplicity

Left Role Description

customconstant.denodoassociation.complexrelation.leftroledescription

Right Role Description

customconstant.denodoassociation.complexrelation.rightroledescription

Cache Status

customconstant.cache.status

View Status

customconstant.view.status

Schema contains/is part of Denodo Folder

customconstant.schema.contains.denodofolder

Denodo View Dependency

customconstant.denodoview.dependency

Denodo View Dependency: source

customconstant.denodoview.complexrelation.source

Denodo View Dependency: target

customconstant.denodoview.complexrelation.target

Denodo Column Association

customconstant.denodocolumn.association

Denodo Column Association: source

customconstant.denodoassociation.complexrelation.source

Denodo Column Association: target

customconstant.denodoassociation.complexrelation.target

Synchronize Denodo VDP with Collibra Platform instance

Once the Denodo Governance Bridge for Collibra is up and running (script denodo-collibra- governance-bridge.sh|bat) it offers four methods that trigger the synchronization of Denodo Platform metadata with Collibra Platform:

  • Service endpoint
  • Synchronization script
  • Collibra Platform Workflow
  • Cron Scheduler

Note that due to the compatibility of Denodo Governance Bridge for Collibra with Collibra Edge, available since the 20240123 version, there is a mandatory property to specify the Collibra Edge connection name created to communicate with the Denodo instance where there is the data to be synchronized. This property should be specified in each synchronization to be able to unify the features offered by both Edge and Denodo Governance Bridge for Collibra. Depending on the method used to trigger the process it can be set on the request body or using properties defined in the application.properties file. See the corresponding section for more detailed information.

The Collibra Edge connection, whose name is required, can be created in Collibra after performing the synchronization using Denodo Governance Bridge for Collibra. If it is created with the name specified in the synchronization carried out with Denodo Governance Bridge for Collibra and the same pair (Denodo database, Collibra domain id) is specified in both synchronizations, the metadata will be synchronized via Edge and Denodo Governance Bridge for Collibra. Nevertheless, note that the changes required to achieve compatibility, aimed at matching structures and naming conventions in Edge, break the backward compatibility of the Denodo Governance Bridge for Collibra.

Service endpoint

The Denodo Governance Bridge for Collibra offers an endpoint service that should be requested using an HTTPS POST method:

 https://<server-host>:<server.port>/api/sync

The server.port is 8442 by default but the user can configure it in the application.properties file.

The request body should be a JSON object defining the Edge connection name of the Collibra Edge connection created to communicate with the Denodo instance where there is the data to be synchronized and, for each database, the name and the respective Collibra domain ID that should be used. Example:

{

   "edgeConnectionName":"DenodoEdge",

   "databaseDomains":{

          "denodo_database_01":"b6d78bb4-8905-4f6c-88a7-039540eeeff3",

          "denodo_database_02":"b6d78bb4-8905-4f6c-88a7-039540eeeff3"

   }

}

Accordingly, the Content-Type header must be added:

 Content-Type: application/json

The output shows information about created and un/modified asset counts. Example:

{

    "Column": {

        "created": 15,

        "un/modified": 95

    },

    "Database View": {

        "created": 0,

        "un/modified": 1

    },

    "Database": {

        "created": 0,

        "un/modified": 1

    },

    "Table": {

        "created": 5,

        "un/modified": 11

    },

    "Denodo Data Source": {

        "created": 1,

        "un/modified": 1

    },

    "Schema": {

        "created": 0,

        "un/modified": 1

    },

    "Denodo Folder": {

        "created": 1,

        "un/modified": 2

    }

}

After the synchronization, the user will have the Denodo metadata available in the Collibra Platform instance:

Figure 3  Domain in Collibra Platform instance with Denodo Platform metadata

Synchronization script

In the bin directory of the distribution you will find the script execute the script denodo-collibra-synchronize-governance-bridge.sh|bat. You can execute it in order to trigger the synchronization:

$ cd denodo-collibra-governance-bridge-<VERSION>

$ bin/denodo-collibra-synchronize-governance-bridge.sh conf/input-sync.json

This script uses curl for invoking the synchronization service endpoint of the Denodo Governance Bridge for Collibra. You can check if you have curl installed in your system using the command:

$ curl --version

        

If curl is not there you can install it from https://curl.haxx.se/dlwiz/.

The denodo-collibra-synchronize-governance-bridge.sh|bat script needs a JSON file with a JSON object defining the Edge connection name of the Collibra Edge connection created to communicate with the Denodo instance where there is the data to be synchronized and, for each Denodo database, the name and the respective Collibra domain ID that should be used.

input-sync.json sample file

{

   "edgeConnectionName":"DenodoEdge",

   "databaseDomains":{

          "Database1":"b6d78bb4-8905-4f6c-88a7-039540eeeff3",

          "Database2":"b6d78bb4-8905-4f6c-88a7-039540eeeff3"

   }

}


The output shows information about created and un/modified asset counts. Example:

$ bin/denodo-collibra-synchronize-governance-bridge.sh conf/input-sync.json

HTTP/1.1 200

Content-Type: application/json

Transfer-Encoding: chunked

Date: Fri, 30 Jun 2023 09:49:12 GMT

{"Column":{"created":99,"un/modified":0},"Table":{"created":3,"un/modified":0},"Database":{"created":0,"un/modified":1},"Schema":{"created":1,"un/modified":0},"Denodo Folder":{"created":2,"un/modified":0},"Denodo Data Source":{"created":2,"un/modified":0}}

Note that the output of the script also includes the HTTP response headers. You can check the HTTP status code to see if the synchronization was OK.

Collibra Platform Workflow

Whenever the user wants a Collibra Workflow to communicate with the Denodo Governance Bridge for Collibra, they can create a user task for the integration to pick it up.

The Collibra Workflow can be a simple workflow that creates a user task called Sync Data User Task. This workflow should be configured to be applied to specific domain types that reside under a particular Collibra Community. After that, the user can start the workflow by simply pressing a button on the domain:

Figure 4 Sync Data User Task button

Check the Collibra Workflow Event-Driven Triggering for Spring Boot Integrations documentation, available in the Collibra Marketplace, for more detailed information.

Note that the user has to configure, in the application.properties file, the trigger.collibra.workflow properties:

  • trigger.collibra.workflow.enabled: true to enable the Collibra Workflow triggering
  • trigger.collibra.workflow.polling-frequency.ms: frequency in milliseconds used by the Denodo Governance Bridge for Collibra to check for Collibra Workflow triggers
  • trigger.collibra.workflow.user-task: name of the Collibra Workflow user task that should be used
  • trigger.collibra.workflow.edge.connection.name: name of the Collibra Edge connection created to communicate with the Denodo instance where there is the data to be synchronized
  • trigger.collibra.workflow.database: Denodo database name that should be processed once the Collibra Workflow is triggered using the Sync Data User Task
  • trigger.collibra.workflow.domain.id: ID of the Collibra domain that must be used when the Collibra Workflow is triggered using the Sync Data User Task

Cron Scheduler

The synchronization, using the Denodo Governance Bridge for Collibra, can be triggered using a cron scheduler. To accomplish this, there are two properties in the application.properties file:

  • trigger.scheduler.cron.enabled: true if the user wants to use this triggering mode
  • trigger.scheduler.cron.expression: cron expression to establish the frequency when the synchronization should be automatically triggered. This cron expression has 6 fields:

  1. The seconds at which it should be triggered. (Valid values are: 0 to 59)
  2. The minute at which it should be triggered. (Valid values are: 0 to 59)
  3. The hour at which it should be triggered. (Valid values are: 0 to 23)
  4. The day of the month at which it should be triggered. (Valid values are: 1 to 31)
  5. The month at which it should be triggered. (Valid values are: 1 to 12, or JAN-DEC)
  6. The day of the week at which it should be triggered. (Valid values are: 0 to 7, or MON-SUN)        

        Example:        

trigger.scheduler.cron.enabled=true

trigger.scheduler.cron.expression=0 0 9-17 * * MON-FRI

Based on this cron configuration example, the Denodo Governance Bridge for Collibra would be triggered on the hour nine-to-five on weekdays.

For more information about the cron expression, please refer to the Spring Boot documentation

Note that this synchronization mode will use the information setting in the collibra.edge.connection.name and collibra.domain.ids properties of the application.properties file:

collibra.edge.connection.name=edgeConnectionName

collibra.domain.ids={\

    "Denodo_database_01": "12d2a285-6dc3-4368-ba87-6a9295377fce",\

    "Denodo_database_02": "08245c84-10bc-4a33-a36b-8f71715a123f"\

}

Denodo technical lineage

The Denodo Governance Bridge for Collibra shows relations between Denodo elements that give rise to Denodo Derived Views.

Figure 5 Denodo View Dependency example

However, the technical lineage is not created as a result of a synchronization but the Denodo Governance Bridge for Collibra provides the possibility to generate technical lineage  that can then be loaded into Collibra.

Considerations

The way to relate the Denodo assets with the corresponding connection from Collibra is via Edge. Before synchronizing a Denodo database via Edge, the user has to register a data source. This registration creates an initial structure in a selected community in Collibra Data Catalog and allows the synchronization and the generation of the corresponding relation of type Technology Asset groups / is grouped by Technology Asset between a System asset and the Denodo database asset.

Without this synchronization via Edge the assets do not have a connection to the System asset, therefore the technical lineage is not able to stitch the columns and tables with their corresponding assets from the Collibra Data Catalog.

In order to perform the stitching of elements, the Denodo Technical Lineage generated by the Denodo Governance Bridge for Collibra specifies the system data object name, consequently the useCollibraSystemName property in the lineage harvester configuration file should be set to true.

Note that the metadata synchronizations between Collibra and Denodo made via Edge or via Denodo Governance Bridge for Collibra are compatible, this means that even if a synchronization via Edge is necessary, a synchronization via Denodo Governance Bridge for Collibra should also be done in order to have more complete information.

Generate technical lineage

Once the Denodo Governance Bridge for Collibra is up and running (script denodo-collibra- governance-bridge.sh|bat) it offers two methods to generate a folder with the Denodo technical lineage:

  • Service endpoint
  • Technical lineage generation script

Service endpoint

The Denodo Governance Bridge for Collibra offers an endpoint service that should be requested using an HTTPS POST method:

 https://<server-host>:<server.port>/api/generateTechnicalLineage

The server.port is 8442 by default but the user can configure it in the application.properties file.

The request body should be a JSON object defining:

  • The System asset name that was selected when registering the data source related to the Denodo databases for which you want to generate the technical lineage information.

  • A JSON array with the Denodo database names the technical lineage is to be generated for.

Example:

{

   "systemAssetName":"systemAssetName",

   "denodoDatabases":["db01", "db02", "db03"]

}

Accordingly, the Content-Type header must be added:

 Content-Type: application/json

The output shows information about the Denodo databases processed and included in the technical lineage generated. Example:

{

   "Technical Lineage generated for Denodo databases : ": "["db01", "db02", "db03"]"

}

Technical lineage generation script

In the bin directory of the distribution you will find the script execute the script denodo-collibra-generate-technical-lineage-governance-bridge.sh|bat. You can execute it in order to generate the Denodo technical lineage for Collibra:

$ cd denodo-collibra-governance-bridge-<VERSION>

$ bin/denodo-collibra-generate-technical-lineage-governance-bridge.sh conf/input-technical-lineage.json

This script uses curl for invoking the service endpoint of the Denodo Governance Bridge for Collibra that generates the Denodo technical lineage. You can check if you have curl installed in your system using the command:

$ curl --version

        

If curl is not there you can install it from https://curl.haxx.se/dlwiz/.

The denodo-collibra-generate-technical-lineage-governance-bridge.sh|bat script needs a JSON file with a JSON object defining the System asset that allows the identification of the assets linked to a given Denodo connection previously synchronized and the name of the Denodo databases for which the user wants to generate the technical lineage.

input-technical-lineage.json sample file

{

  "systemAssetName":"DenodoEdge",

  "denodoDatabases":["Database1", "Database2"]

}


The output shows the name of the Denodo databases for which the technical lineage has been created. Example:

$ bin/denodo-collibra-generate-technical-lineage-governance-bridge.sh conf/input-technical-lineage.json

HTTP/1.1 200

Content-Type: application/json

Transfer-Encoding: chunked

Date: Tue, 18 Jun 2024 10:53:14 GMT

{"Technical Lineage generated for Denodo databases : ":"[bookstore, test01]"}

Note that the output of the script also includes the HTTP response headers. You can check the HTTP status code to see if the process was OK.

Technical lineage result folder

After the technical lineage generation, the user will have a folder in the denodo-collibra-governance-bridge-<version> directory with the name specified in the technical.lineage.destination.folder property of the application.properties file. By default the destination folder name is TechnicalLineage.  Note that if this folder already exists it will be deleted during the process of creating the new Denodo technical lineage files for the current request.

The result folder will contain:

  • The metadata file (metadata.json). This file is used to provide the JSON architecture version, the data source type, and asset type UUIDs of the assets you want to include in the technical lineage
  • One or more lineage_<id>.json files. These files are used to define the lineage relation between two or more data objects.
  • The source_codes folder. This subfolder contains the transformation code in several VQL files.

These files follow the Collibra batch definition format.

Create the Denodo Technical Lineage in Collibra

The user can synchronize the generated custom technical lineage (see Generate technical lineage section), available in the TechnicalLineage folder or in the folder specified in the technical.lineage.destination.folder property, via the Lineage Harvester or via Edge.

The directory with the Denodo technical lineage should be referred to by the lineage harvester configuration file, when the process is going to be triggered via Lineage Harvester, or by the Shared Storage connection, when the process is going to be triggered via Edge. As a result of the synchronization, Collibra Data Lineage generates a technical lineage based on the definitions included in the Denodo technical lineage folder.

Figure 6 Denodo technical lineage example

If you select the "Show code" button, the VQL corresponding to the view on which you are viewing the technical lineage is displayed at the bottom, as shown in the image above.

It is important to highlight that to stitch assets in Collibra Data Catalog to data objects collected by the lineage harvester, the assets must have been added with an Edge synchronization. This is due to the fact that Edge establishes the connection between the assets and the System asset. It is the System asset that allows the identification of the assets linked to a given Denodo connection. See the Considerations section for more detailed information.

Note that Denodo private views, created as internal views in Denodo, are synchronized with Denodo Governance Bridge for Collibra to properly represent the view lineage but they are not linked to a System asset, therefore they are not stitched by the Collibra Data Lineage.

Figure 7 Denodo technical lineage with a private view example

Limitations

Sample data

The Denodo Governance Bridge for Collibra transforms and upserts Denodo Platform metadata to a Collibra Platform instance but it does not collect sample data. You can use Edge in order to establish a connection to Denodo using the JDBC driver and then register, profile and classify Denodo data via Edge.

How to encrypt passwords

The Denodo Governance Bridge for Collibra expects encrypted passwords in the application.properties to appear surrounded by ENC(...). You can compute these values using the Jasypt CLI tools, and use the DENODO_EXPORT_ENCRYPTION_PASSWORD environment variable, or Java system property, to communicate the encryption password to the Denodo Governance Bridge.

This way, you can use encrypted passwords in the application.properties file:

...

password=ENC(s2FdirMK4QORq1HZ6tcTTQ==)

...

 

These are the steps for encrypting passwords:

  1. Download Jasypt CLI tools.

  1. Choose an encryption password, e.g., mypassword.

  1. Go to jasypt/bin.

  1. Run encrypt.bat with the input parameter and password parameter:

  • input parameter - this is the string you want to encrypt.

  • password parameter - this is the password that Jasypt is going to use to encrypt and decrypt the input parameter.

Your command should look like this:


        

Take note of the output. Example output: zrass64ls4LIx5hdFoXXyA==.

  1. Open your application.properties file, replace the password you want to encrypt with  the output from Step 4: ENC(zrass64ls4LIx5hdFoXXyA==).

        Example in the application.properties file:        

Before Jasypt:

password=admin

After Jasypt

password=ENC(zrass64ls4LIx5hdFoXXyA==)

  1. Add an environment variable, or Java system property to the Denodo Governance Bridge start script, with the name DENODO_EXPORT_ENCRYPTION_PASSWORD, and value of mypassword, but use your real encryption password.