Data Masking (3.1)

You open the Data Masking agent configuration dialog from a workflow configuration: double-click the agent icon.


The Data Masking agent configuration

The agent can be set to different masking methods, based on the chosen method a different tab will be available for additional configuration. Depending on the configuration, different Storage Fields can also be added. The mapping of which UDR fields is done in the referenced Data Masking profiles. You have the option of referencing one or several Data Masking Profiles. 

The Masking Method you select in the Fields tab determines which of the other three tabs will be active, since these tabs contain masking method-specific configurations.

Masking MethodDescription

Crypto

This will use a cryptographic algorithm that can be configured to either derive its key from a passphrase or from a Keystore. The following options are available in the dedicated Crypto tab: 

SettingDescription
Derive Key from PassphraseBy selecting this option the cryptographic engine will use a key from a passphrase. It can be manually entered or generated by clicking on the Random button. The algorithm can be selected, it can be either AES-128 or AES-256. Can only be used for fields of string or bytearray types
Read Key from Keystore

The key can be entered by selecting it from a designated Keystore. The following information must be entered: 

FieldDescription
Keystore PathEnter the path to the Keystore file
Keystore Password

Enter the associated password

Key NameEnter the associated key name
Key PasswordEnter the associated key password

Database Storage

This option enables database data model masking. By selecting the target database using the Browser button, the view list will be expanded with the appropriate information. In a table view, the following fields will be shown in columns: 

SettingDescription
FieldShows the field name
UnmaskedShows the unmasked content
MaskedShows the masked content
KeyShows the used key

In a separate Advanced section, additional parameters can be configured: the queue size, the maximum number of workers, and the maximum select batch size value. 

Hash (One way)

The one-way hash masking method employs a salt-based encryption scheme. The Salt input box allows for manual entry of the relevant hash, optionally a Random button can be pushed to generate a random entry. 

Hash/Database

This data masking model uses a combination of the database and hash mode, including their relevant options.Â