User Guide
Also available as:
PDF

Property-Based Anonymization Rules

Property-based rules anonymize structured content. The supported formats are: XML, property, ini, and YAML files.

Required and Optional Fields

  • name

  • rule_id (should be set to PROPERTY)

  • properties

  • parentNode (optional, applicable only for XML, default value is "property")

  • include_files

  • exclude_files (optional)

  • action (optional, default value is ANONYMIZE)

  • replace_value (optional, applicable only when action=REPLACE)

  • shared (optional, default value is true)

  • enabled (optional, default value is true)

For more information on each field, refer to Fields Used for Defining Anonymization Rules.

Rule Definition Example

    {
      "name": "PASSWORDS",
      "rule_id": "Property",
      "properties": [".*password.*", ".*awsAccessKeyId.*"],
      "include_files": ["*.xml", "*.properties", "*.yaml", "*.ini"],
      "exclude_files" : ["capacity-scheduler.xml"],
      "action" : "REPLACE",
      "replace_value": "Hidden"
    }

The following examples show how the rule defined above anonymizes specific password-related properties in XML, property, ini, and YAML files.

  • XML file content:

    <property>
      <name>fs.s3a.proxy.password</name>
      <value>Abc7j*4$aTh</value>
      <description>Password for authenticating with proxy server.</description>
    </property>

    The XML file content, with password value anonymized:

    <property>
      <name>fs.s3a.proxy.password</name>
      <value>Hidden</value>
      <description>Password for authenticating with proxy server.</description>
    </property>
  • Property file content:

    javax.jdo.option.ConnectionPassword=pswd

    The property file content, with password value anonymized:

    javax.jdo.option.ConnectionPassword=Hidden
  • Ini file content:

    connection_password=pswd

    The ini file content, with password value anonymized:

    connection_password=Hidden
  • YAML file content:

    "metrics_collector:\n" +
                    "  truststore.path : \"/etc/security/clientKeys/all.jks\"\n" +
                    "  truststore.type : \"jks\"\n" +
                    "  truststore.password : \"bigdata\"\n"

    The YAML file content, with password value anonymized:

    "metrics_collector:\n" +
                    "  truststore.path : \"/etc/security/clientKeys/all.jks\"\n" +
                    "  truststore.type : \"jks\"\n" +
                    "  truststore.password : Hidden\n"

For more examples, refer to Examples of Property-Based Anonymization Rules.