Examples of Property-Based Anonymization Rules
This section includes examples of commonly used property-based anonymization rules.
Example 1: Mask one configuration parameter in multiple files
Rule definition example:
{ "name": "JPA_PASSWORD", "rule_id": "Property", "properties": ["oozie.service.JPAService.jdbc.password"], "include_files": ["oozie-site.xml", "sqoop-site.xml"], "action" : "REPLACE", "replace_value": "Hidden" }
This rule anonymizes the value of
oozie.service.JPAService.jdbc.password
in oozie-site.xml and
sqoop-site.xml:
Input data, sqoop-site.xml:
<configuration> <property> <name>oozie.service.JPAService.jdbc.px</name> <value>at@!_*rue</value> </property>
Output data, sqoop-site.xml, with anonymized
oozie.service.JPAService.jdbc.px
parameter value:
<configuration> <property> <name>oozie.service.JPAService.jdbc.px</name> <value>Hidden</value> </property>
Example 2: Mask multiple configuration parameters in multiple files
Rule definition example:
{ "name": "JDBC_JPA_PASSWORDS", "rule_id": "Property", "properties": ["oozie.service.JPAService.jdbc.password", "javax.jdo.option.ConnectionPassword"], "include_files": ["oozie-site.xml", "sqoop-site.xml", "hive-site.xml"], "action" : "REPLACE", "replace_value": "Hidden" }
Example 3: Mask a configuration that matches a pattern
Rule definition example:
{ "name": "GLOBAL_JDBC_PASSWORDS", "rule_id": "Property", "properties": [".*password"], "include_files": ["*.xml"], "action" : "REPLACE", "replace_value": "Hidden" }
Input data:
ssl-server.xml
<configuration> <property> <name>ssl.server.keystore.keypassword</name> <value>big123!*</value> </property>
ssl-client.xml
<configuration> <property> <name>ssl.client.keystore.password</name> <value>NBg7j*4$aTh</value> </property>
Output data:
Anonymized ssl-server.xml
<configuration> <property> <name>ssl.server.keystore.keypassword</name> <value>Hidden</value> </property>
Anonymized ssl-client.xml
<configuration> <property> <name>ssl.client.keystore.password</name> <value>Hidden</value> </property>