Versions Compared

Old Version 1

changes.mady.by.user Jenni Wallin

Saved on

compared with

New Version 2

changes.mady.by.user Yeok Hong Ng (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

You open the Data Masking agent configuration dialog from a workflow configuration: double-click the agent icon.

Image Removed
The Data Masking agent configuration

The agent can be set to different masking methods, based on the chosen method a different tab will be available for additional configuration. Depending on the configuration, different Storage Fields can also be added. The mapping of which UDR fields is done in the referenced Data Masking profiles. You have the option of referencing one or several Data Masking Profiles. 

The Masking Method you select in the Fields In the Data Masking profile you configure the masking method you want to use, which UDR types and field you want to mask/unmask, and any masking method specific settings.

There are four different masking methods that you can use:

  • Crypto - Uses cryptographic algorithm that can be configured to either derive its key from a passphrase or a Keystore. It uses either AES-128 or AES-256 for data encryption.

  • Database - Enables data model masking to store masked and unmasked data. The data can be unmasked later when required.

  • Hash (one way) - Employs a salt-based encryption scheme for obscuring data only. All masked data using this method cannot be unmasked.

  • Hash/Database - Uses a combination of the database and hash mode.

For more information on the supported data types, refer to Supported Data Types.

Configuration

The Data masking profile consists of five tabs:

Table of Contents
maxLevel2
minLevel2

Fields Tab

The masking method that is selected in the Fields tab determines which of the other three four tabs that will be active , since as these tabs contain masking method - specific configurations. 

Image Added

Data Masking

...

Crypto

Image Removed

This will use a cryptographic algorithm that can be configured to either derive its key from a passphrase or from a Keystore. The following options are available in the dedicated Crypto tab: 

...

Profile - Fields tab

SettingDescription
Masking MethodSelect the masking method to be used in the profile. 
Storage Fields

Add the fields to map the UDR fields to. 

Note
titleNote!

This option is only enabled for Database Storage and Hash/Database masking methods. 


UDR Field MappingsAll all the UDR types and fields for the profile to process.
Random Algorithm (Only for String type)


The supported algorithms are:

  • Default - 
  • UUID 4 - Applicable to Database
  • Custom - 


Regex Pattern



For more information on the regex pattern, refer to RegExr: Learn, Build, & Test RegEx.

String Length
Output Format

Crypto Tab

This tab is enabled only when the Crypto masking method is selected in the Fields tab. 

Image Added

Data Masking Profile - Crypto tab

Setting DescriptionDescription
Derive Key from Passphrase

...

Select this option for the cryptographic engine

...

to use a key from

...

the passphrase.

...

The Passphrase and Algorithm fields will be enabled.
Passphrase

Enter a passphrase manually or click the Random button to generate a random key. The passphrase is then hashed and it is use as the key.

Note
titleNote!

If you use a random passphrase and it has been changed, you will not be able to unmask any masked data prior to the change.


Algorithm

Select the algorithm to be used, either the AES-128 or AES-256.

Note
titleNote!

This can only be used for fields of string

...

and bytearray types.

To use the AES-256 algorithm, you are required to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files on the EC in order to run the workflow. See JCE Unlimited Strength Jurisdiction Policy Files for JDK/JRE 8 Download (oracle.com) for further information.


Read Key from Keystore

...

Select this option to use a key from a designated

...

keystore. The

...

keystore must be

...

a JCEKS. The Keystore PathKeystore PasswordKey Name and Key Password fields will b e enabled.

Info
titleExample - Creating a symmetric crypto key


Code Block
$ keytool -keystore test.ks -storepass password -storetype jceks -genseckey -keysize 128 -alias testkey -keyalg AES



Keystore PathEnter the path to the

...

keystore file.
Keystore PasswordEnter the associated password.
Key NameThis field is optional. Enter the associated key name.
Key Password

This field is optional. Enter the associated key password if required, otherwise the Keystore Password is used as the default password.

Database Tab

This tab is enabled only when the Database Storage masking method is selected in the Fields tab. 

Image Modified

...

This option enables database data model masking. By selecting the target database using the Browser button, the view list will be expanded with the appropriate information. In a table view, the following fields will be shown in columns: 

...

Data Masking Profile - Database tab

SettingDescription

Database Model

DatabaseBrowse and select the Database profile to use.
Table

Select the database table to view the following information:

  • Field - Shows the field name
  • Unmasked

...

  • - Shows the unmasked content
  • Masked

...

  • - Shows the masked content

  • Key

...

In a separate Advanced section, additional parameters can be configured: the queue size, the maximum number of workers, and the maximum select batch size value. 

...

Hash (One way)

...

Image Removed

The one-way hash masking method employs a salt-based encryption scheme. The Salt input box allows for manual entry of the relevant hash, optionally a Random button can be pushed to generate a random entry. 

...

Hash/Database

Image Removed

...

  • - The selected checkbox shows the fields that will be searched when unmasking data.

    Note
    titleNote!

    If you have a large table or huge amount of lookups, you may consider to select the necessary fields only for searching when unmasking data


Advanced
Queue Size Set the queue size for the workers. The queue size will be split between the workers.
Max Number of Workers Enter the maximum number of workers.
Max Select Batch SizeEnter the maximum size of the batch when making large select statements to retrieve data.

Hash Tab

This tab is enabled only when the Hash masking method is selected in the Fields tab. 

Image Added

Data Masking Profile - Hash tab

SettingDescription
SaltEnter the entry of the relevant hash or click the Random button to generate a random entry.

Hash/Database Tab

This tab is enabled only when the Hash/Database masking method is selected in the Fields tab. 

Image Added

Data Masking Profile - Hash/Database tab

SettingDescription
Data Model
DatabaseBrowse and select the Database profile to use.
Table

Select the database table to view the following information:

  • Field - Shows the field name
  • Unmasked - Shows the unmasked content
  • Masked - Shows the masked content

  • Key - The selected checkbox shows the fields that will be searched when unmasking data.

    Note
    titleNote!

    If you have a large table or huge amount of lookups, you may consider to select the necessary fields only for searching when unmasking data


Hash
SaltEnter the entry of the relevant hash or click the Random button to generate a random entry.
Advanced
Queue Size Set the queue size for the workers. The queue size will be split between the workers.
Max Number of WorkersEnter the number of workers.
Max Select Batch SizeEnter the maximum size of the batch when making large select statements to retrieve data.

Anchor
datamasking_datatypes
datamasking_datatypes
Supported Data Types

The supported data types for each masking method are as follows:

Data typeCryptoDatabaseHashHash/Database
string

Image Added

Image AddedImage AddedImage Added
integerImage AddedImage AddedImage AddedImage Added
longImage AddedImage AddedImage AddedImage Added
shortImage AddedImage AddedImage AddedImage Added
doubleImage AddedImage AddedImage AddedImage Added
byteImage AddedImage AddedImage AddedImage Added
bytearrayImage AddedImage AddedImage AddedImage Added