Masking

Mask sensitive field values while retaining the formatting criteria

Objective

A technique commonly used by dynamic data masking within the RDBMS.

On-the-fly data obfuscation rules are executed on the source data event to enable PII data.

Certain fields are replaced with a mask character (such as an ‘XXX’). This removes the actual content while preserving the same formatting.

Example & DSL attributes

This code defines an obfuscation strategy named numberMasking. It applies to the creditcard field and uses the following masking:

  1. pattern The credit card number is displayed as XXXX XXXX XXXX 1234, where only the last four digits are visible.

  2. mask The * character is used to mask the other digits.

This ensures that the credit card number is partially hidden, showing only the last four digits.

obfuscation:
  name: numberMasking
  fields:
    creditcard:
      masking:
        pattern: XXXX XXXX XXXX 1234
        mask: "*"

Attributes schema

Last updated