Dynamic Data Masking
Dynamic Data Masking is a Column-level Security feature that uses masking tag to selectively mask plain-text data in a query result set. It can be used to hide sensitive data in the result set of a query over designated fields, while the data in the database is not changed.
Using masking tag
You can use the masking tag with {% ... %}.
{% masking <column-name> <masking-function> %}
Where:
<column-name>is the name of the column to mask.<masking-function>is the masking function to use. Currently, VulcanSQL supportspartialmasking function.
Masking Data With partial Function
partial(prefixTotal, padding, suffixTotal);
prefixTotalis the number of characters to display at the beginning of the string.paddingis the custom string to use for masking.suffixTotalis the number of characters to display at the end of the string.
Here is an example of how to use the partial function with the masking tag. Assuming we have a users table with an id column, and we want to partially mask the first two and last two characters of each id value:
SELECT
{% masking id partial(2, 'xxxxxxx', 2) %} as id,
name
FROM users;
This will return a result where the first two and last two characters of each id value are replaced with x:
| id | name |
|---|---|
| ABxxxxxxxCD | Ivan |
| EFxxxxxxxGH | William |