Masking

Mask sensitive field values while retaining the formatting criteria

Objective

A technique commonly used by dynamic data masking within the RDBMS.

On-the-fly data obfuscation rules are executed on the source data event to enable PII data.

Certain fields are replaced with a mask character (such as an ‘XXX’). This removes the actual content while preserving the same formatting.

Example & DSL attributes

This code defines an obfuscation strategy named numberMasking. It applies to the creditcard field and uses the following masking:

  1. pattern The credit card number is displayed as XXXX XXXX XXXX 1234, where only the last four digits are visible.

  2. mask The * character is used to mask the other digits.

This ensures that the credit card number is partially hidden, showing only the last four digits.

obfuscation:
  name: numberMasking
  fields:
    creditcard:
      masking:
        pattern: XXXX XXXX XXXX 1234
        mask: "*"

Attributes schema

Attribute
Description
Data Type
Required

mask

Replacement character to be applied

Char

Default: *

pattern

Masking pattern to be applied to source string value

String

apply to all

Boolean to inform if all characters need to be replace using the mask value (true) or to apply pattern (false).

Boolean

Default: false

PreviousEncryptionNextBucketing

Last updated