DataSunrise is sponsoring AWS re:Invent 2024 in Las Vegas, please visit us in DataSunrise's booth #2158

This website stores cookies to collect information about how you interact with our website. To find out more visit our Privacy Policy.

  • Home
  • Guides
  • Dynamic Data Masking with DataSunrise: Masking with Lua scripts

Dynamic Data Masking with DataSunrise: Masking with Lua scripts

How to Migrate DataSunrise CloudFormation Template from Launch Configuration (LC) to Launch Template (LT) Resource in Auto Scaling Group How to Send DataSunrise Events to a Microsoft Teams Channel via Incoming Webhook using Subscribers How To Offload The Audit Database Data To AWS S3 And Read It Using AWS Athena Service How to Convert Trial or BYOL Configuration of DataSunrise to Hourly Billing Backend DB: PostgreSQL (RDS) or Aurora PostgreSQL How to Troubleshoot “Connection Was Terminated” or “Connection Terminated Unexpectedly” Errors in Applications Using DataSunrise Proxies Exploring DataSunrise’s Performance Under High Traffic Conditions DataSunrise’s Approach to Configuring Penalties for SQL Injection Detection How to Block Specific Hosts in DataSunrise for Enhanced Database Security Troubleshooting AWS Metering and Hourly Billing Issues in DataSunrise on AWS Marketplace Cloud Formation Modification Dynamic Data Masking with DataSunrise: Masking with Lua scripts How to Choose the Database for Audit Storage: A Performance Analysis How to Run pgbench Through DataSunrise Proxy on PostgreSQL 14 with SCRAM Authentication DataSunrise SSO Authentication Based on SAML (Okta) DataSunrise SSO Authentication Based on OpenID (Okta) How to Search for Sensitive Data in Images Hosted on AWS S3 How to Deploy DataSunrise with Terraform Template on Azure How to Integrate DataSunrise with SQL Server Always On Cluster How to Deploy DataSunrise in Microsoft Azure Using Azure Resource Manager How to Perform DataSunrise Static Data Masking for MongoDB How to Configure DB Audit Trailing for MS Azure MySQL How to Configure DB Audit Trailing for MS Azure PostgreSQL How to Configure DataSunrise to Mask Data for Amazon Athena How to Upgrade RHEL OS version of existing DataSunrise servers How to Integrate DataSunrise with AWS Database Activity Streams for Getting Auditing Results for AWS Aurora PostgreSQL How to Set Up SSL Certificates for DataSunrise Database Proxy Generating Reports in DataSunrise How to Hide Schemas From Users in Redshift AWS RDS PostgreSQL Audit Logs in DataSunrise How to Audit Administrative Actions in Your Oracle RDS and EC2 How to Check if DataSunrise Receives Traffic How To Remove a Procedure or a Function From a Database

DataSunrise is a robust security solution that offers dynamic data masking capabilities for a wide range of databases. This feature allows sensitive data to be obfuscated in real time, ensuring that it remains protected even when accessed by authorized users. In this article, we will delve into how DataSunrise handles dynamic data masking and how you can customize this feature using Lua scripts.

Understanding Dynamic Data Masking in DataSunrise

Dynamic data masking in DataSunrise works by modifying the SQL query at the request stage for most standard masking algorithms. However, for more complex masking methods, DataSunrise modifies the response data itself. This flexibility allows for a high degree of customization and ensures that sensitive data is adequately protected.

DataSunrise supports dynamic data masking for a lot of databases, but masking on response only for the following databases:

  • PostgreSQL
  • Greenplum
  • Amazon Redshift
  • MySQL
  • MariaDB
  • MongoDB
  • Amazon
  • Athena
  • Elasticsearch
  • Amazon S3
  • Amazon DynamoDB
  • TiDB
  • GaussDB
  • AlloyDB
  • Hydra
  • SQL Server

Customizing Data Masking with Lua Scripts

One of the powerful features of DataSunrise is the ability to customize data masking methods using Lua scripts. Lua is a lightweight, high-level programming language designed for extending applications. DataSunrise leverages Lua’s capabilities to allow users to define their own data masking methods.

Here is an example of a Lua script that masks the first and last parts of names:

if columnType == 1 then
    for i = 1, #batchRecords do
            local parts = {}
            for part in string.gmatch(batchRecords[i], "%S+")
            do
                table.insert(parts, part)
            end
            parts[1] = '*****'
            parts[#parts] = '*****'
            batchRecords[i] = table.concat(parts, ' ')
        end
    end

This script works by splitting the name into parts and replacing the first and last parts with asterisks.

How to Add and Test a Lua Script in DataSunrise

To add a Lua script to DataSunrise and test it, follow these steps:

Step 1: Create a Lua script.

  • In the DataSunrise console, navigate to the Configuration section of the submenu Lua Scripts and click on Create Lua Script.
  • In the Script field, enter your Lua script. Make sure to replace the example script with your own.
  • Click on Save to save the rule.

Picture 1.Create Lua script

Step 2: Create a new masking rule with the Lua method.

  • In the DataSunrise console, navigate to the Data Masking section and click on Add Rule.
  • Choose the database and the columns to which you want to apply the Masking Rule.
  • In the Masking Method dropdown list, select Masking with Lua script.
  • In the Lua script menu, choose the Lua script you have created in Step 1.
  • Click on Save to save the rule.
  • To test the rule, execute a query on the masked columns. The results should show the masked data.

Picture 2. Create a new masking rule with the Lua method.

In the images below, you can see the result with masked and not masked columns in MySQL:

Picture 3. Not masked results

Picture 4. Masked results

Remember, the effectiveness of data masking largely depends on the complexity of the masking method. By using Lua scripts, you can create complex masking methods that provide a higher level of protection for your sensitive data.

Conclusion

DataSunrise offers a powerful and flexible solution for dynamic data masking. Whether you’re using one of the many supported databases or customizing your masking methods with Lua scripts, DataSunrise has the tools you need to protect your sensitive data.

Did this guide help you?

Contact Us