Data Masking

Background

The YAML configuration approach to data masking is highly readable, with the YAML format enabling a quick understanding of dependencies between mask rules. Based on the YAML configuration, ShardingSphere automatically completes the creation of ShardingSphereDataSource objects, reducing unnecessary coding efforts for users.

Parameters

  1. rules:
  2. - !MASK
  3.   tables:
  4.     <table_name> (+): # Mask table name
  5.       columns:
  6.         <column_name> (+): # Mask logic column name
  7.           maskAlgorithm: # Mask algorithm name
  9.   # Mask algorithm configuration
  10.   maskAlgorithms:
  11.     <mask_algorithm_name> (+): # Mask algorithm name
  12.       type: # Mask algorithm type
  13.       props: # Mask algorithm properties
  14.       # ...

Please refer to Built-in Mask Algorithm List for more details about type of algorithm.

Procedure

  1. Configure data masking rules in the YAML file, including data sources, mask rules, global attributes, and other configuration items.
  2. Using the createDataSource of calling the YamlShardingSphereDataSourceFactory object to create ShardingSphereDataSource based on the configuration information in the YAML file.

Sample

The data masking YAML configurations are as follows:

  1. dataSources:
  2.   unique_ds:
  3.     dataSourceClassName: com.zaxxer.hikari.HikariDataSource
  4.     driverClassName: com.mysql.jdbc.Driver
  5.     jdbcUrl: jdbc:mysql://localhost:3306/demo_ds?serverTimezone=UTC&useSSL=false&useUnicode=true&characterEncoding=UTF-8
  6.     username: root
  7.     password:
  9. rules:
  10. - !MASK
  11.   tables:
  12.     t_user:
  13.       columns:
  14.         password:
  15.           maskAlgorithm: md5_mask
  16.         email:
  17.           maskAlgorithm: mask_before_special_chars_mask
  18.         telephone:
  19.           maskAlgorithm: keep_first_n_last_m_mask
  21.   maskAlgorithms:
  22.     md5_mask:
  23.       type: MD5
  24.     mask_before_special_chars_mask:
  25.       type: MASK_BEFORE_SPECIAL_CHARS
  26.       props:
  27.         special-chars: '@'
  28.         replace-char: '*'
  29.     keep_first_n_last_m_mask:
  30.       type: KEEP_FIRST_N_LAST_M
  31.       props:
  32.         first-n: 3
  33.         last-m: 4
  34.         replace-char: '*'

Read the YAML configuration to create a data source according to the createDataSource method of YamlShardingSphereDataSourceFactory.

  1. YamlShardingSphereDataSourceFactory.createDataSource(getFile());