Data Masking Profile (4.3)
In the Data Masking profile you configure the masking method you want to use, the UDR types and fields you want to mask or unmask, and any settings specific to the masking method.

There are four different masking methods that you can use:

- Crypto - Uses a cryptographic algorithm that can be configured to derive its key from either a passphrase or a keystore. It uses either AES-128 or AES-256 for data encryption. The data can be unmasked later when required.
- Database - Enables data model masking to store masked and unmasked data. The data can be unmasked later when required.
- Hash (one way) - Employs a salt-based encryption scheme for obscuring data only. Data masked with this method cannot be unmasked.
- Hash/Database - Uses a combination of the database and hash modes. The data can be unmasked later when required.

For more information on the supported data types, refer to Supported Data Types.

Configuration

The Data Masking profile consists of five tabs: Fields, Crypto, Database, Hash and Hash/Database.

The masking method selected in the Fields tab determines which of the other four tabs is active, as these tabs contain the configuration specific to each masking method.

Fields Tab

Data Masking Profile - Fields tab

- Masking Method: Select the masking method to be used in the profile.
- Storage Fields: Add the fields to map the UDR fields to.
  Note! This option is only enabled for the Database Storage and Hash/Database masking methods.
- UDR Field Mappings: Add all the UDR types and fields for the profile to process.
- Random Algorithm (Only for String type): Specify the algorithm to be used for generating the random characters. The supported algorithms are:
  Default: Default random algorithm. For Crypto, it supports only the Base64 format, whereas Hash and Database use a mixture of alphanumeric and special characters. The supported character list is:
  [!, ", #, $, %, &, ', (, ), *, +, ,, -, ., /, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, :, ;, <, =, >, ?, @, A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z, [, \, ], ^, _, `, a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p, q, r, s, t, u, v, w, x, y, z, {, |, }, ~]
  xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  For more information on the algorithms for each masking method, see Supported Random Algorithm Type.
- Regex Pattern: This field is enabled when the Custom option is selected. It is a regular expression used to extract characters based on the default character list.
- String Length: This field is enabled when the Custom option is selected. Specify the length of the output string.
- Output Format: This field is non-editable. It displays the supported character list and a sample output preview.

Supported Random Algorithm Type

The supported random algorithm types for each masking method are as follows:

Algorithm    Crypto    Database    Hash    Hash/Database
Default
UUID 4
Custom

Crypto Tab

This tab is enabled only when the Crypto masking method is selected in the Fields tab.

Data Masking Profile - Crypto tab

- Derive Key from Passphrase: Select this option for the cryptographic engine to use a key derived from the passphrase. The Passphrase and Algorithm fields will be enabled.
- Passphrase: Enter a passphrase manually or click the Random button to generate a random key. The passphrase is then hashed and the result is used as the key.
  Note! If you use a random passphrase and it has been changed, you will not be able to unmask any data masked prior to the change.
- Algorithm: Select the algorithm to be used, either AES-128 or AES-256.
  Note! This can only be used for fields of string and bytearray types.
- Read Key from Keystore: Select this option to use a key from a designated keystore. The keystore must be a JCEKS. The Keystore Path, Keystore Password, Key Name and Key Password fields will be enabled.
  Example - Creating a symmetric crypto key
    $ keytool -keystore test.ks -storepass password -storetype jceks -genseckey -keysize 128 -alias testkey -keyalg AES
- Keystore Path: Enter the path to the keystore file.
- Keystore Password: Enter the associated password.
- Key Name: This field is optional. Enter the associated key name.
- Key Password: This field is optional. Enter the associated key password if required, otherwise the Keystore Password is used as the default password.

Database Tab

This tab is enabled only when the Database Storage masking method is selected in the Fields tab.

Data Masking Profile - Database tab

Database Model
- Database: Browse and select the Database profile to use.
- Table: Select the database table to view the following information:
  Key: The selected checkbox shows the fields that will be searched when unmasking data.
  Note! If you have a large table or a large number of lookups, consider selecting only the necessary fields for searching when unmasking data.

Advanced
- Queue Size: Set the queue size for the workers. The queue size will be split between the workers.
- Max Number of Workers: Enter the maximum number of workers.
- Max Select Batch Size: Enter the maximum size of the batch when making large select statements to retrieve data.

Hash Tab

This tab is enabled only when the Hash masking method is selected in the Fields tab.

Data Masking Profile - Hash tab

- Salt: Enter the entry of the relevant hash or click the Random button to generate a random entry.

Hash/Database Tab

This tab is enabled only when the Hash/Database masking method is selected in the Fields tab.

Data Masking Profile - Hash/Database tab

Data Model
- Database: Browse and select the Database profile to use.
- Table: Select the database table to view the following information:
  Key: The selected checkbox shows the fields that will be searched when unmasking data.
  Note! If you have a large table or a large number of lookups, consider selecting only the necessary fields for searching when unmasking data.

Hash
- Salt: Enter the entry of the relevant hash or click the Random button to generate a random entry.

Advanced
- Queue Size: Set the queue size for the workers. The queue size will be split between the workers.
- Max Number of Workers: Enter the number of workers.
- Max Select Batch Size: Enter the maximum size of the batch when making large select statements to retrieve data.

Supported Data Types

The supported data types for each masking method are as follows:

Data type    Crypto    Database    Hash    Hash/Database
string
integer
long
short
double
byte
bytearray
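
The Read Key from Keystore option in the Crypto tab expects an AES key in a JCEKS keystore, and the Key Password falls back to the Keystore Password when left empty. The following Java program is an added example, not part of the product or its documentation: it checks that a keystore entry is an AES secret key of 128 or 256 bits and applies the same password fallback. The class and method names are hypothetical, and the sample keystore is constructed in a temporary file with the alias and password from the keytool example.

```java
import java.io.*;
import java.nio.file.*;
import java.security.*;
import javax.crypto.*;

// Added example (hypothetical class and method names, not product code).
public class JceksKeyCheck {
    // Returns the AES key size in bits; throws if the entry cannot serve as a masking key.
    static int checkKey(Path ksPath, char[] storePass, String alias, char[] keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        try (InputStream in = Files.newInputStream(ksPath)) {
            ks.load(in, storePass); // a wrong keystore password fails here
        }
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("no key entry named " + alias);
        }
        // Same fallback the Key Password field describes: empty -> keystore password.
        char[] effective = (keyPass == null || keyPass.length == 0) ? storePass : keyPass;
        Key key = ks.getKey(alias, effective); // a wrong key password throws UnrecoverableKeyException
        if (!(key instanceof SecretKey) || !"AES".equals(key.getAlgorithm())) {
            throw new IllegalStateException(alias + " is not an AES secret key");
        }
        int bits = key.getEncoded().length * 8;
        if (bits != 128 && bits != 256) {
            throw new IllegalStateException("unsupported AES key size: " + bits);
        }
        return bits;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: throwaway keystore, alias "testkey", password "password", 256-bit key.
        char[] storePass = "password".toCharArray();
        Path ksPath = Files.createTempFile("test", ".ks");
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null); // start with an empty keystore
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(256);
        ks.setKeyEntry("testkey", gen.generateKey(), storePass, null);
        try (OutputStream out = Files.newOutputStream(ksPath)) {
            ks.store(out, storePass);
        }
        System.out.println("testkey: AES-" + checkKey(ksPath, storePass, "testkey", null));
        Files.deleteIfExists(ksPath);
    }
}
```

To check a real keystore, call checkKey with the values entered in the Keystore Path, Keystore Password, Key Name and Key Password fields.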