User Guide
Also available as:
PDF
Examples of Property-Based Anonymization Rules

This section includes examples of commonly used property-based anonymization rules.

Example 1: Mask one configuration parameter in multiple files

Rule definition example:

{
  "name": "JPA_PASSWORD",
  "rule_id": "Property",
  "properties": ["oozie.service.JPAService.jdbc.password"],
  "include_files": ["oozie-site.xml", "sqoop-site.xml"],
  "action" : "REPLACE",
  "replace_value": "Hidden"
}

This rule anonymizes the value of oozie.service.JPAService.jdbc.password in oozie-site.xml and sqoop-site.xml:

Input data, sqoop-site.xml:

  <configuration>

    <property>
      <name>oozie.service.JPAService.jdbc.px</name>
      <value>at@!_*rue</value>
    </property>

Output data, sqoop-site.xml, with anonymized oozie.service.JPAService.jdbc.px parameter value:

  <configuration>

    <property>
      <name>oozie.service.JPAService.jdbc.px</name>
      <value>Hidden</value>
    </property>

Example 2: Mask multiple configuration parameters in multiple files

Rule definition example:

{
  "name": "JDBC_JPA_PASSWORDS",
  "rule_id": "Property",
  "properties": ["oozie.service.JPAService.jdbc.password", "javax.jdo.option.ConnectionPassword"],
  "include_files": ["oozie-site.xml", "sqoop-site.xml", "hive-site.xml"],
  "action" : "REPLACE",
  "replace_value": "Hidden"
}

Example 3: Mask a configuration that matches a pattern

Rule definition example:

{
  "name": "GLOBAL_JDBC_PASSWORDS",
  "rule_id": "Property",
  "properties": [".*password"],
  "include_files": ["*.xml"],
  "action" : "REPLACE",
  "replace_value": "Hidden"
}

Input data:

ssl-server.xml

  <configuration>
    <property>
      <name>ssl.server.keystore.keypassword</name>
      <value>big123!*</value>
    </property>

ssl-client.xml

  <configuration>
    <property>
      <name>ssl.client.keystore.password</name>
      <value>NBg7j*4$aTh</value>
    </property>

Output data:

Anonymized ssl-server.xml

  <configuration>
    <property>
      <name>ssl.server.keystore.keypassword</name>
      <value>Hidden</value>
    </property>

Anonymized ssl-client.xml

  <configuration>
    <property>
      <name>ssl.client.keystore.password</name>
      <value>Hidden</value>
    </property>