You open the Data Masking agent configuration dialog from a workflow configuration: double-click the agent icon.

The Data Masking agent configuration

The agent can be set to different masking methods; depending on the chosen method, a different tab is available for additional configuration. Depending on the configuration, different Storage Fields can also be added. The mapping of UDR fields is done in the referenced Data Masking profiles. You have the option of referencing one or several Data Masking profiles.

...

In the Data Masking profile you configure the masking method you want to use, which UDR types and fields you want to mask/unmask, and any masking-method-specific settings.

There are four different masking methods that you can use:

  • Crypto - Uses a cryptographic algorithm that can be configured to derive its key either from a passphrase or from a Keystore. It uses either AES-128 or AES-256 for data encryption. The data can be unmasked later when required.

  • Database - Enables data model masking to store masked and unmasked data. The data can be unmasked later when required.

  • Hash (one way) - Employs a salt-based encryption scheme for obscuring data only. Data masked using this method cannot be unmasked.

  • Hash/Database - Uses a combination of the database and hash mode. The data can be unmasked later when required.

For more information on the supported data types, refer to Supported Data Types.

Configuration

The Data masking profile consists of five tabs:


Fields Tab

The masking method that is selected in the Fields tab determines which of the other four tabs will be active, as these tabs contain masking-method-specific configurations.

Data Masking Profile - Fields tab

Setting: Description

Masking Method: Select the masking method to be used in the profile.

...

Crypto

This will use a cryptographic algorithm that can be configured to either derive its key from a passphrase or from a Keystore. The following options are available in the dedicated Crypto tab:

...

Storage Fields: Add the fields to map the UDR fields to.

Note! This option is only enabled for the Database Storage and Hash/Database masking methods.


UDR Field Mappings: Add all the UDR types and fields for the profile to process.

Random Algorithm (Only for String type): Specify the algorithm to be used for generating the random characters.

The supported algorithms are:

  • Default: Default random algorithm. For Crypto, it supports only the Base64 format, whereas Hash and Database use a mixture of alphanumeric and special characters. The supported characters are:

    [!, ", #, $, %, &, ', (, ), *, +, ,, -, ., /, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, :, ;, <, =, >, ?, @, A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z, [, \, ], ^, _, `, a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p, q, r, s, t, u, v, w, x, y, z, {, |, }, ~]
  • UUID 4: Generates a UUID string in the 8-4-4-4-12 format xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  • Custom: Characters filtered from the Default character set; the filter condition is configured through Regex Pattern

For more information on the algorithms for each masking method, see Supported Random Algorithm Type.

Regex Pattern: This field is enabled when the Custom option is selected. It is a regular expression to extract characters based on the default characters list.

String Length: This field is enabled when the Custom option is selected. Specify the length of the output string.

Output Format: This field is non-editable. It displays the supported character list and a sample output preview.
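
The following is an added illustration, not product code, of how a Custom Regex Pattern and String Length shape the masked output and how large the resulting value space is. It assumes the pattern is matched against each default character individually; all function names are hypothetical.

```python
import math
import re
import secrets

# Default character list from the page: printable ASCII '!' (0x21) to '~' (0x7E).
DEFAULT_CHARSET = [chr(c) for c in range(0x21, 0x7F)]


def filter_charset(regex_pattern):
    """Return the default characters accepted by the pattern.

    Assumption: the pattern is applied to each character on its own.
    """
    rx = re.compile(regex_pattern)
    return [ch for ch in DEFAULT_CHARSET if rx.fullmatch(ch)]


def random_masked_string(charset, length):
    """Draw `length` characters from `charset` using a CSPRNG."""
    if not charset:
        raise ValueError("pattern matched no character in the default list")
    return "".join(secrets.choice(charset) for _ in range(length))


def output_space_bits(charset, length):
    """Size of the possible output space, in bits (log2 of charset^length)."""
    return length * math.log2(len(charset))


def min_length_for_bits(charset, bits):
    """Smallest String Length giving at least `bits` bits of output space."""
    if len(charset) < 2:
        raise ValueError("need at least two characters to carry information")
    return math.ceil(bits / math.log2(len(charset)))


if __name__ == "__main__":
    # Constructed sample patterns, shown with a preview like the Output Format field.
    for pattern, length in (("[0-9]", 8), ("[A-Za-z0-9]", 16)):
        cs = filter_charset(pattern)
        print(pattern, "".join(cs), random_masked_string(cs, length),
              round(output_space_bits(cs, length), 1), "bits")
```

A narrow pattern with a short String Length gives a small output space, so random masked values are more likely to repeat across a large data set.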

Supported Random Algorithm Type

The supported random algorithm types for each masking method are as follows:

[Table: support for each random algorithm (Default, UUID 4, Custom) per masking method (Crypto, Database, Hash, Hash/Database); the support indicators were images and are not available here.]

Crypto Tab

This tab is enabled only when the Crypto masking method is selected in the Fields tab. 


Data Masking Profile - Crypto tab

Setting: Description

Derive Key from Passphrase: Select this option for the cryptographic engine to use a key from the passphrase. The Passphrase and Algorithm fields will be enabled.
Passphrase: Enter a passphrase manually or click the Random button to generate a random key. The passphrase is then hashed and used as the key.

Note! If you use a random passphrase and it has been changed, you will not be able to unmask any data masked prior to the change.

Algorithm: Select the algorithm to be used, either AES-128 or AES-256.

Note! This can only be used for fields of string and bytearray types.


Read Key from Keystore: Select this option to use a key from a designated keystore. The keystore must be a JCEKS. The Keystore Path, Keystore Password, Key Name and Key Password fields will be enabled.

Example - Creating a symmetric crypto key

$ keytool -keystore test.ks -storepass password -storetype jceks -genseckey -keysize 128 -alias testkey -keyalg AES

Keystore Path: Enter the path to the keystore file.

Keystore Password: Enter the associated password.

Key Name: This field is optional. Enter the associated key name.

Key Password: This field is optional. Enter the associated key password if required, otherwise the Keystore Password is used as the default password.

Database Tab

This tab is enabled only when the Database Storage masking method is selected in the Fields tab. 


...

This option enables database data model masking. By selecting the target database using the Browser button, the view list will be expanded with the appropriate information. In a table view, the following fields will be shown in columns: 

...

Data Masking Profile - Database tab

Setting: Description

Database Model

Database: Browse and select the Database profile to use.

Table: Select the database table to view the following information:

  • Field: Shows the field name
  • Unmasked: Shows the unmasked content
  • Masked: Shows the masked content
  • Key: The selected checkbox shows the fields that will be searched when unmasking data.

    Note! If you have a large table or a huge number of lookups, consider selecting only the necessary fields for searching when unmasking data.

Advanced

Queue Size: Set the queue size for the workers. The queue size will be split between the workers.

Max Number of Workers: Enter the maximum number of workers.

Max Select Batch Size: Enter the maximum size of the batch when making large select statements to retrieve data.

...

In a separate Advanced section, additional parameters can be configured: the queue size, the maximum number of workers, and the maximum select batch size value.

...

Hash (One way)

...

The one-way hash masking method employs a salt-based encryption scheme. The Salt input box allows for manual entry of the relevant hash; optionally, the Random button can be clicked to generate a random entry.

...

Hash/Database

...

Hash Tab

This tab is enabled only when the Hash masking method is selected in the Fields tab. 


Data Masking Profile - Hash tab

Setting: Description

Salt: Enter the entry of the relevant hash or click the Random button to generate a random entry.

Hash/Database Tab

This tab is enabled only when the Hash/Database masking method is selected in the Fields tab. 


Data Masking Profile - Hash/Database tab

Setting: Description

Data Model

Database: Browse and select the Database profile to use.

Table: Select the database table to view the following information:

  • Field: Shows the field name
  • Unmasked: Shows the unmasked content
  • Masked: Shows the masked content
  • Key: The selected checkbox shows the fields that will be searched when unmasking data.

    Note! If you have a large table or a huge number of lookups, consider selecting only the necessary fields for searching when unmasking data.

Hash

Salt: Enter the entry of the relevant hash or click the Random button to generate a random entry.

Advanced

Queue Size: Set the queue size for the workers. The queue size will be split between the workers.

Max Number of Workers: Enter the number of workers.

Max Select Batch Size: Enter the maximum size of the batch when making large select statements to retrieve data.
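
The sketch below is an added example, not the product's implementation, contrasting the Hash and Hash/Database methods: a salted hash alone cannot be unmasked, while storing the masked/unmasked pair in a table makes unmasking a lookup. The hash construction (HMAC-SHA-256 keyed with the salt), the table layout and all names are assumptions, and the sample values are constructed.

```python
import hashlib
import hmac
import sqlite3


def hash_mask(value, salt):
    """One-way mask. Assumed construction: HMAC-SHA-256 keyed with the salt
    (the page does not name the hash the product uses)."""
    return hmac.new(salt, value.encode("utf-8"), hashlib.sha256).hexdigest()


class HashDatabaseMasker:
    """Hash/Database style masking: hash for the mask, table for unmasking."""

    def __init__(self, salt):
        self.salt = salt
        self.db = sqlite3.connect(":memory:")  # stands in for the Database profile
        self.db.execute(
            "CREATE TABLE mask_map (field TEXT NOT NULL, masked TEXT NOT NULL, "
            "unmasked TEXT NOT NULL, PRIMARY KEY (field, masked))"
        )

    def mask(self, field, value):
        masked = hash_mask(value, self.salt)
        # Store the pair once; repeated values map to the same masked value.
        self.db.execute(
            "INSERT OR IGNORE INTO mask_map VALUES (?, ?, ?)", (field, masked, value)
        )
        return masked

    def unmask(self, field, masked):
        # Lookup on the key columns; returns None for values never masked here.
        row = self.db.execute(
            "SELECT unmasked FROM mask_map WHERE field = ? AND masked = ?",
            (field, masked),
        ).fetchone()
        return row[0] if row else None


def demo():
    salt_a, salt_b = b"constructed-salt-A", b"constructed-salt-B"
    masker = HashDatabaseMasker(salt_a)
    masked = masker.mask("msisdn", "46701234567")  # constructed sample value
    return {
        "stable": masked == hash_mask("46701234567", salt_a),
        "salt_change_breaks_link": masked != hash_mask("46701234567", salt_b),
        "unmasked": masker.unmask("msisdn", masked),
        "unknown": masker.unmask("msisdn", hash_mask("46700000000", salt_a)),
    }


if __name__ == "__main__":
    print(demo())
```

With the same salt a value always masks to the same output, so masked records can still be correlated; changing the salt breaks that link for data masked earlier.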

Supported Data Types

The supported data types for each masking method are as follows:

[Table: supported data types (string, integer, long, short, double, byte, bytearray) per masking method (Crypto, Database, Hash, Hash/Database); the support indicators were images and are not available here.]