Back to top
This guide will show you how to implement data masking in the Secure60 platform.
There are two methods for data masking. First, you can specify either the field name you want to mask or the keywords within it. Then, you can choose between two masking options: applying a HASH algorithm or replacing characters with X.
Warning: Data masking can only be performed after data normalization. Therefore, if you want to mask data, please enable data normalization first.
ENABLE_GENERIC_NORMALISE=true
Data masking will be applied to fields in the incoming log data that contain or match the keywords specified in the DATA_MASKING_ARRAY.
#in your .env file
DATA_MASKING_ARRAY=["password", "token"]
For example, this process will apply to the fields that need to be distributed.
password
api_token
access_token
token
If you want to implement data masking using a HASH algorithm, you need to configure the following settings. Additionally, you can choose from MD5, SHA1, SHA2, or SHA3. By default, SHA3 is used.
ENABLE_DATA_MASKING_HASH=true
#MD5, SHA1, SHA2, SHA3
#DATA_MASKING_ENCRYPTION_ALGORITHM is optional
DATA_MASKING_ENCRYPTION_ALGORITHM=MD5
You have the option to either replace all characters with X or replace all characters except the first and last with X.
If you select ENABLE_DATA_MASKING_X, all characters will be replaced with X. To show the first and last characters while masking the rest, enable ENABLE_DATA_MASKING_PARTIAL_REDACT in addition.
ENABLE_DATA_MASKING_X=true
ENABLE_DATA_MASKING_PARTIAL_REDACT=true