Data Masking

Data Masking: Anonymizing Production Data Securely For Testing & Development Environments

Data masking: Your production environment should be as secure as possible and access should be as limited as possible. But what happens if something goes wrong and you have to investigate a query?

Sometimes it is possible to create a similar test example manually, but in many cases you might need a sizable amount of documents with corresponding relations to test and investigate properly. This could easily be done by using the existing data set from production but extracting personal information like real names, birthdays or credit card number might not be approved by management.

The data masking feature of arangodump provides a convenient way to extract production data but mask critical information that should not be visible. This includes names, birthdays, credit card numbers, addresses, emails or phone-numbers.

In this tutorial, we show you how the new data masking feature of ArangoDB 3.5 (Download Tech Preview Community or Tech Preview Enterprise) can be used and easily mask your production data dumps for safe usage in lower security level environments. Find all configuration options with examples in the Data Masking Docs. Please note the following masking functions are available:

In the Community Edition:

  • Random String

In the Enterprise Edition:

  • Xify Front
  • Zip
  • Datetime
  • Integral Number
  • Decimal Number
  • Credit Card Number
  • Phone Number
  • Email Address

Example

Assume you have two collections persons and creditcards. The persons collection contains personal data, for example:

The creditcards contains credit card information:

For the sake of simplicity let name be the join key between persons and creditcards. In a real world data model you will have an identifier linking them.

All this personal data must be protected from illegitimate access. You cannot simply dump all persons and use them as test-data for your development and test environments.

Masking the name

OK, so we cannot simply dump the names collection but we also cannot simply replace the name with a random string because we have in this – albeit naive – example used the name as foreign key in creditcards. Hence, we need to obfuscate the same name with the same value in both collections names and creditcards.

In order to obfuscate all names, you can use the following masking definition:

This will change the person to:

and the credit-card to

Please note that the name Hans Meier is mapped to the same obfuscated string. However, two different runs of arangodump will not produce the same obfuscated string for the name Hans Meier because the cryptographic hash used will uses a random seeding.

Masking the credit card information

Likewise you can obfuscate the credit card information inside the creditcards collection and the birthday inside the persons collection by using

Note that the above example now uses a stricter definition of the maskings.

The maskings for birthday is restricted to persons and the top-level attribute. The maskings for cardnumber is restricted to creditcards and the top-level attribute.

An alternative is to mask these fields everywhere as we did for name. This will result in obfuscating the birthday:

and the creditcard:

The information is now obfuscated, but the structure of the credit card number and the birthday has been changed. It might be important for your testing and development purposes to keep the basic structure of a specific attribute value.

The data masking functions within the Enterprise Edition of ArangoDB allows to generate random dates and credit card numbers.

This produces a more familiar birthday:

and credit card number:

As you can see in the examples above, we obfuscated the birthday and credit card number without losing their structure.

Running the example

Create a 'production' data-set

To create the example “production data set” you can either apply the instructions given in the AQL tutorial to create the persons and creditcardscollections via WebUI and fill the collections with the data OR follow the instructions below to use arangosh.

To test all features we will describe here, you may want to install the 3.5 Tech Preview of the Enterprise Edition (completely free for evaluation purposes).

Create a file persons.json containing:

and a file creditcards.json containing:

Import these two files into a running instance of ArangoDB via arangosh:

You should now see in arangosh:

Exporting with masking

Now that we created the production dataset, let’s export it again using the Data Masking feature.

Create a file maskings.json containing

Now export using:

and import into a new database:

Check the result

Now look at the masked database

Enterprise version

If you have the enterprise version, you can also use the following maskings.json. In this masking definition we make use of the datetime and creditcard masking functions to preserve the structure of the attribute values of birthdayand cardnumber.

This will result in:

We hope the new data masking feature is useful for you and this tutorial could help you get started with it. If you have any feedback or questions to this tutorial please let us know via learn@arangodb.com.

Do you like ArangoDB?
icon-githubStar this project on GitHub.
close-link