-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security enforcement #3
Comments
You mean something like this (example): global:
filters:
columns:
api:
value: "{{- randAlphaNum 50 | nospace | lower -}}"
filters:
groups:
columns:
title:
value: "{{- randAlphaNum 50 | nospace | lower -}}" Globally a filters will be applied for column ? |
Something like:
|
In product you referred to they have syntax:
https://github.com/datanymizer/datanymizer#tables-filter But I have not found option for default hiding undescribed in filters columns |
Ok, I see. Let me think about this a couple of days ) |
This feature would be very helpful. |
Hi everyone! I've summarized your suggestions. Please check the config options described below (draft). Does it solves the issue? Global settings
Security settings
Policy settings
Exceptions settings
Defaults settings
Example of config: security:
policy:
tables: skip
columns: randomize
exceptions:
tables:
- goods
columns:
- id
defaults:
columns:
password:
value: "{{- randAlphaNum 50 | nospace | lower -}}"
filters:
... |
Hello @borisershov , I don't understand that point. "Default security policy for tables. If value skip is used all undescribed tables in config will be skipped while anonymization" Does "skipped" mean that the table is preserved or does "skipped" mean that the table is excluded and is not part of the output? Best regards |
Hi, @escalate!
The second, i.e. the tables will be dropped from a resulting anonymized dump. A logic of a new
|
Does it that you are expect from anonymizer security enforcement? |
Hi! |
Hi everyone! Features described above has released in v1.5.0. At the time new abilities available only for MySQL, Percona, and MariaDB (for PgSQL will be added in next release) |
Hi all! Requested abilities released in v1.6.0 |
Introduced features are great!
But database structure evolves and you can't just setup filters once and live in peace.
One day someone will add new table with secrets and theese secrets will go to staging without obfuscation.
It will be great to have option to skip all tables not added to config.
Also this option will obfuscate all undescribed columns.
This change will force to update nxs-data-anonymizer config every time we have changed database structure (added column, created table).
This will provide "secure by default" mode.
The text was updated successfully, but these errors were encountered: