Data Masking Profile

In the Data Masking profile, you configure the masking method you want to use, which UDR types and fields you want to mask/unmask, and any masking method-specific settings.

There are three different masking methods that you can use:

  • Crypto, which is used for encrypting data with either AES-128 or AES-256. Can be used for both obscuring and unmasking data.
  • Database, which is used for storing masked and unmasked data in a database enabling the data to be unmasked at a later stage.
  • Hash, which is used for obscuring data only. You will not be able to unmask data using this method.


To create a new Data Masking profile, click the New Configuration button in Desktop and select the Data Masking Profile option. This configuration contains four different tabs; Fields, Crypto, Database, and Hash. The Masking Method you select in the Fields tab determines which of the other three tabs will be active since these tabs contain masking method-specific configurations.

The Data Masking profile configuration

The contents of the menus in the menu bar may change depending on which configuration type has been opened. The Data Masking profile uses the standard menu items and buttons that are visible for all configurations, and these are described in Build View.

The Fields tab in the Data Masking profile configuration contains the following settings:


Masking Method

In this drop-down list, you select which masking method you want to use:.

- Crypto - which uses either AES-128 or AES-256 encryption. Can only be used for fields of string or bytearray types.

- Database Storage - which stores the unmasked and masked data in a database. Can be used for fields of byte, double, int, string, long, and short types. When selecting Database, Oracle, Postgres, and SAP HANA can be used.

- Hash - which only masks the data, i.e. it is not possible to unmask. Can be used for most simple types of fields.

See Masking Methods for more information.

Storage Fields

In this section, you add the fields you want to map the UDR fields to when using Database Storage. If you have selected another masking method, this section will be inactive.

UDR Field MappingsIn this section, you add all the UDR types and fields you want the profile to process.