In the Data Masking profile, you configure the masking method you want to use, which UDR types and fields you want to mask/unmask, and any masking method-specific settings.

...

  • Crypto, which is used for encrypting data with either AES-128 or AES-256. Can be used for both obscuring and unmasking data.
  • Database, which is used for storing masked and unmasked data in a database enabling the data to be unmasked at a later stage.
  • Hash, which is used for obscuring data only. You will not be able to unmask data using this method.

Creating a Data Masking Profile Using the Crypto Method

To create a Data Masking profile using Crypto:

...

If you want to specify a directly configured key, select Derive Key from Passphrase and see the section below, Configuring the Crypto Method using Derive Key from Passphrase. 

...

Note!

To use AES-256, you need to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files on the EC in order to run the workflow. See http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html for further information.

Configuring the Crypto Method using Derive Key from Passphrase

Data Masking Agent - Crypto tab, Derive Key from Passphrase selected

...


Note!

If you use a random passphrase, and the passphrase is changed, you will not be able to unmask any of the data that has been masked before the change.

...

Configuring the Crypto Method using a Key from a Keystore

If you want a key to be read from a specific keystore, it must be a JCEKS keystore.

...

Example - How to create a symmetric crypto key

...



Data Masking Agent - Crypto tab, Read Key from Keystore selected

...

Creating a Data Masking Profile Using the Database Storage Method

To use the database storage method, you need to create a table to store the mappings between masked and unmasked data. It is important that there are unique indexes for both the masked and unmasked data since the masking method implementation depends on the database constraints to ensure consistency in the table data.

The example below shows what a table definition with a single storage field may look like in an Oracle database:

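Example - A definition with a single storage field in an Oracle database

CREATE TABLE masking_info (
    -- Column types are assumed here: size VARCHAR2 to fit the field being masked.
    unmasked VARCHAR2(255) NOT NULL,
    masked   VARCHAR2(255) NOT NULL,
    CONSTRAINT masking_info_pk PRIMARY KEY (unmasked)
);

-- Unique index on the masked value, so one masked value maps to exactly one original.
CREATE UNIQUE INDEX idx_masking_info_masked ON masking_info (masked);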
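Why both unique constraints matter, shown as an added example that is not the product's own implementation: a get-or-create lookup that relies on the primary key and the unique index to reject duplicates. Assumptions: SQLite stands in for Oracle, the columns are text, and the function names, token generator and sample values are hypothetical.

```python
import secrets
import sqlite3

# SQLite stand-in for the Oracle table above (assumption: TEXT columns).
TABLE = """CREATE TABLE masking_info (
    unmasked TEXT NOT NULL,
    masked   TEXT NOT NULL,
    CONSTRAINT masking_info_pk PRIMARY KEY (unmasked))"""
INDEX = "CREATE UNIQUE INDEX idx_masking_info_masked ON masking_info (masked)"


def open_store(unique_masked=True):
    """Create an in-memory mapping table, optionally without the unique index."""
    conn = sqlite3.connect(":memory:")
    conn.execute(TABLE)
    if unique_masked:
        conn.execute(INDEX)
    return conn


def mask(conn, value, new_token=lambda: secrets.token_hex(8), attempts=5):
    """Return the stored token for value, inserting a mapping if none exists."""
    for _ in range(attempts):
        row = conn.execute(
            "SELECT masked FROM masking_info WHERE unmasked = ?", (value,)).fetchone()
        if row:
            return row[0]
        token = new_token()
        try:
            with conn:  # commit on success, roll back on error
                conn.execute(
                    "INSERT INTO masking_info (unmasked, masked) VALUES (?, ?)",
                    (value, token))
            return token
        except sqlite3.IntegrityError:
            # Primary key hit: another writer stored this value first, re-read it.
            # Unique index hit: the token belongs to another value, draw a new one.
            continue
    raise RuntimeError("no unique masked value after %d attempts" % attempts)


def unmask(conn, token):
    """Return every unmasked value stored for token (exactly one if consistent)."""
    rows = conn.execute(
        "SELECT unmasked FROM masking_info WHERE masked = ? ORDER BY unmasked",
        (token,))
    return [r[0] for r in rows]
```

Calling `open_store(unique_masked=False)` and forcing a token collision leaves two originals behind one masked value, so unmasking becomes ambiguous; with the index in place the colliding insert is rejected and retried.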


...