Skip to main content

SSH

Automate the fulfillment of data subject access, deletion, opt-out, and identifier retrieval requests using a command line argument on a remote server.

Configuration

Create a Connection object with a SSH ConnectorType to instantiate a connection to a remote server. Once the object has been created and the credentials have been stored, place the object in the RMAgentConfig connections array.

Example Configuration
{
    "name": "DSR Script",
    "uuid": "95e99cea-e402-499c-a6f8-0db6852ecfec",
    "capabilities": ["privacy/access", "privacy/delete", "privacy/optout"],
    "mode": "live",
    "connector_type": "SSH",
    "queries": {
        "access": ["./dsr.py access {email}"],
        "delete": ["./dsr.py delete {email}"],
        "optout": ["./dsr.py optout {email}"]
    },
"credentials_location": "arn:aws:secretsmanager:Region:AccountId:secret:datagrail.ssh"
}

Credential Creation

The SSH connection supports both password and private key authentication (recommended). Create a new secret in you credentials manager with the following key/value pairs:

{
    "username": "<username>",
    "password": "(optional) <password>",
    "private_key": "(preferred over password) <PEM encoded private key>",
    "server": "<hostname or IP Address of server>",
    "port": "(optional) <port to connect to, defaults to 22>"
}

Query Syntax and Parameter Binding

Queries are command line arguments that support named argument placeholders to format the string with identifier values.

In the above example, for an access request for example@datagrail.io, the connection would call ./dsr.py access example@datagrail.io.

Response Format

Results should be reported via stdout as an array of objects. Each object in the array will result in a separate file for you data subject.

The environment variable LOGLEVEL can be adjusted to DEBUG to get more detailed feedback if responses are malformed. Be aware that this level of logging has the potential to expose sensitive data.

Some examples of properly formatted responses:

[
    {
        "first_name": "Howard",
        "last_name": "Spears",
        "address1": {
          "street": "123 Any Street",
          "city": "San Francisco",
          "state": "California",
          "zip_code": "92123"
        }
    },{
        "first_name": "Susan",
        "last_name": "Spears",
        "address1": {
          "street": "123 Any Street",
          "city": "San Francisco",
          "state": "California",
          "zip_code": "92123"
        }
    }
]
[
    {
        "status": "success"
    }
]

 

Need help?
If you have any questions, please reach out to your dedicated CSM or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.