Background #
The good readability of the data desensitisation YAML configuration allows the dependencies between desensitisation rules to be quickly understood in YAML format and DBPlusEngine will automatically complete the creation of objects based on the YAML configuration, reducing unnecessary coding work for the user.
Parameter explanation #
rules:
- !MASK
tables:
<table_name> (+): # Mask table name
columns:
<column_name> (+): # Mask column name
maskAlgorithm: # Mask algorithm
# Mask algorithm configuration
maskAlgorithms:
<mask_algorithm_name> (+): # Mask algorithm name
type: # Mask algorithm type
props: # Mask algorithm properties configuration
# ...
For details of the algorithm types, see the list of built-in desensitisation algorithms。
Operation steps #
- Configure the data desensitization rules in the YAML file, including configuration items for the data source, desensitization rules, global attributes, etc;
- Create objects based on the configuration information in the YAML file.
Configuration example #
The data masking YAML is configured as follows:
dataSources:
unique_ds:
dataSourceClassName: com.zaxxer.hikari.HikariDataSource
driverClassName: com.mysql.jdbc.Driver
jdbcUrl: jdbc:mysql://localhost:3306/demo_ds?serverTimezone=UTC&useSSL=false&useUnicode=true&characterEncoding=UTF-8
username: root
password:
rules:
- !MASK
tables:
t_user:
columns:
password:
maskAlgorithm: md5_mask
email:
maskAlgorithm: mask_before_special_chars_mask
telephone:
maskAlgorithm: keep_first_n_last_m_mask
maskAlgorithms:
md5_mask:
type: MD5
mask_before_special_chars_mask:
type: MASK_BEFORE_SPECIAL_CHARS
props:
special-chars: '@'
replace-char: '*'
keep_first_n_last_m_mask:
type: KEEP_FIRST_N_LAST_M
props:
first-n: 3
last-m: 4
replace-char: '*'