In the Data Masking profile, you configure the masking method you want to use, which UDR types and fields you want to mask/unmask, and any masking method-specific settings.
There are three different masking methods that you can use:
- Crypto, which is used for encrypting data with either AES-128 or AES-256. It can be used for both obscuring and unmasking data.
- Database, which is used for storing masked and unmasked data in a database enabling the data to be unmasked at a later stage.
- Hash, which is used for obscuring data only. You will not be able to unmask data using this method.
Data Masking Agent - Crypto tab, Read Key from Keystore selected
- In the Keystore Path field, enter the location of the JCEKS type keystore from which you want to read the key.
- In the Keystore Password field, enter the relevant keystore password.
- The Key Name field is optional. If required, enter the key name.
- The Key Password field is optional. You can enter the key password, or if you leave this field empty, the Keystore Password is used by default.
- Save the profile and you are done.
Creating a Data Masking Profile Using the Database Storage Method
To use the database storage method, you need to create a table to store the mappings between masked and unmasked data. It is important that there are unique indexes for both the masked and unmasked data since the masking method implementation depends on the database constraints to ensure consistency in the table data.
The example below shows what a definition with a single storage field in an Oracle database may look like:
Example - A definition with a single storage field in an Oracle database
CREATE TABLE masking_info (
    unmasked NOT NULL,
    masked NOT NULL,
    CONSTRAINT masking_info_pk PRIMARY KEY (unmasked)
);
CREATE UNIQUE INDEX idx_masking_info_masked ON masking_info (masked);
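The get-or-create logic that such a table supports, as an added example (not the product's own implementation): SQLite with TEXT columns stands in for Oracle, and `open_store`, `mask`, `unmask` and the random-token scheme are assumptions. It shows both constraints at work: the primary key stops one unmasked value from getting two masks, and the unique index on `masked` stops two values from sharing a mask, so unmasking stays unambiguous.

```python
import secrets
import sqlite3

# Same shape as the masking_info table above. The TEXT column types and the
# use of SQLite are assumptions so the example runs offline.
SCHEMA = """
CREATE TABLE masking_info (
    unmasked TEXT NOT NULL,
    masked   TEXT NOT NULL,
    CONSTRAINT masking_info_pk PRIMARY KEY (unmasked)
);
CREATE UNIQUE INDEX idx_masking_info_masked ON masking_info (masked);
"""

def open_store():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def mask(conn, value, new_token=lambda: secrets.token_hex(8), max_tries=5):
    """Return the masked value for `value`, creating the mapping if needed."""
    for _ in range(max_tries):
        row = conn.execute(
            "SELECT masked FROM masking_info WHERE unmasked = ?", (value,)
        ).fetchone()
        if row:
            return row[0]
        token = new_token()  # hypothetical token scheme: random hex string
        try:
            with conn:  # commits on success, rolls back on constraint failure
                conn.execute(
                    "INSERT INTO masking_info (unmasked, masked) VALUES (?, ?)",
                    (value, token),
                )
            return token
        except sqlite3.IntegrityError:
            # Another writer stored `value` first (primary key) or the token
            # is already in use (unique index): re-read, then try a new token.
            continue
    raise RuntimeError("could not allocate a unique masked value")

def unmask(conn, masked):
    """Reverse lookup; unambiguous only because `masked` is unique."""
    row = conn.execute(
        "SELECT unmasked FROM masking_info WHERE masked = ?", (masked,)
    ).fetchone()
    return row[0] if row else None
```
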
To create a Data Masking profile using Database Storage:
- In the Fields tab, select the Database Storage option in the Masking Method drop-down list.
- Click on the Add... button beneath the Storage Fields section.
- Enter a name for the field that you want to use for mapping the unmasked and masked values in the database and select the type of the field in the Type drop-down list. Repeat for every additional storage field you want to add.
- Click on the Close button to close the dialog.
The UDR Field Mappings section will display three different columns when you have selected Database Storage as a masking method.
- Click on the Add... button beneath the UDR Field Mappings section.
- The Add UDR Field Mappings dialog opens.
- Click on the Browse... buttons and select which UDR type and field you want to add, select the mapping field in the Mapping Field drop-down list, and click on the Add button. Then repeat this step for all the types and fields you want to add.
- When finished, click on the Close button to close the dialog.
- Click on the Database tab to display the Database Storage-specific settings:
- Select the database profile you want to use and set which table in the database you want to use in the Database and Table settings.
The configured storage fields will appear in the table, and the Key check box will be selected for the fields by default. This means that when unmasking data, the fields with this check box selected will be looked up. In case you have very large tables, or many lookups, you may consider which fields you want to be looked up when unmasking data.
- Enter names for the Unmasked and Masked columns in the table for each storage field.
- If applicable, make any changes to the Advanced settings. These parameters can be tuned to optimize performance if necessary.

| Setting | Description |
|---|---|
| Queue Size | This setting determines the queue size for the workers. The queue size will be split between the workers. |
| Max Number of Workers | Enter how many workers you want to have in this field. |
| Max Select Batch Size | Enter the maximum size of the batch when making large select statements for retrieving data. |

Advanced settings
- Save the profile and you are done.
Creating a Data Masking Profile Using the Hash Method
To create a Data Masking profile using Hash:
- In the Fields tab, select the Hash option in the Masking Method drop-down list.
The Storage Fields section will then be greyed out.
- Click on the Add... button beneath the UDR Field Mappings section.
The Add UDR Field Mappings dialog opens.
- Click on the Browse... buttons and select which UDR type and field you want to add and click on the Add button. Then repeat this step for all the types and fields you want to add.
- When finished, click on the Close button to close the dialog.
- Click on the Hash tab to display the Hash-specific settings:
- Either enter a key manually or click on the Random button to generate a random key in the Salt field.
- Save the profile and you are done.