DataSunrise is sponsoring AWS re:Invent 2024 in Las Vegas, please visit us in DataSunrise's booth #2158

This website stores cookies to collect information about how you interact with our website. To find out more visit our Privacy Policy.

  • Home
  • Guides
  • How to Perform DataSunrise Static Data Masking for MongoDB

How to Perform DataSunrise Static Data Masking for MongoDB

How to Migrate DataSunrise CloudFormation Template from Launch Configuration (LC) to Launch Template (LT) Resource in Auto Scaling Group How to Send DataSunrise Events to a Microsoft Teams Channel via Incoming Webhook using Subscribers How To Offload The Audit Database Data To AWS S3 And Read It Using AWS Athena Service How to Convert Trial or BYOL Configuration of DataSunrise to Hourly Billing Backend DB: PostgreSQL (RDS) or Aurora PostgreSQL How to Troubleshoot “Connection Was Terminated” or “Connection Terminated Unexpectedly” Errors in Applications Using DataSunrise Proxies Exploring DataSunrise’s Performance Under High Traffic Conditions DataSunrise’s Approach to Configuring Penalties for SQL Injection Detection How to Block Specific Hosts in DataSunrise for Enhanced Database Security Troubleshooting AWS Metering and Hourly Billing Issues in DataSunrise on AWS Marketplace Cloud Formation Modification Dynamic Data Masking with DataSunrise: Masking with Lua scripts How to Choose the Database for Audit Storage: A Performance Analysis How to Run pgbench Through DataSunrise Proxy on PostgreSQL 14 with SCRAM Authentication DataSunrise SSO Authentication Based on SAML (Okta) DataSunrise SSO Authentication Based on OpenID (Okta) How to Search for Sensitive Data in Images Hosted on AWS S3 How to Deploy DataSunrise with Terraform Template on Azure How to Integrate DataSunrise with SQL Server Always On Cluster How to Deploy DataSunrise in Microsoft Azure Using Azure Resource Manager How to Perform DataSunrise Static Data Masking for MongoDB How to Configure DB Audit Trailing for MS Azure MySQL How to Configure DB Audit Trailing for MS Azure PostgreSQL How to Configure DataSunrise to Mask Data for Amazon Athena How to Upgrade RHEL OS version of existing DataSunrise servers How to Integrate DataSunrise with AWS Database Activity Streams for Getting Auditing Results for AWS Aurora PostgreSQL How to Set Up SSL Certificates for DataSunrise Database Proxy Generating Reports in DataSunrise How to Hide Schemas From Users in Redshift AWS RDS PostgreSQL Audit Logs in DataSunrise How to Audit Administrative Actions in Your Oracle RDS and EC2 How to Check if DataSunrise Receives Traffic How To Remove a Procedure or a Function From a Database
MongoDB

DataSunrise now has the capability of Static Data Masking for MongoDB. Earlier, only Dynamic Masking was supported. Now you can use all DataSunrise functionality with a variety of masking methods including Format-Preserving Encryption (FPE), Format-Preserving Tokenization (FPT), and Lua script to implement custom masking algorithms.

You can easily choose which fields should be masked and how. For embedded documents, all fields with a specified name will be masked. It ensures complete security when dealing with sensitive data, regardless of your security goals, such as corporate activities or giving access to databases to outsource and third-party IT companies.

DataSunrise supports Static Data Masking of validated documents only. Otherwise, an error will occur during the Static Masking process.

Granting Read and Write Permissions

To perform Static Data Masking on a MongoDB database, you need a database user with the corresponding permissions.

For the source database, execute:

use <Source_DB>
db.grantRolesToUser("<User_name>", ["read"])

For the target database, execute:

use <Target_DB>
db.grantRolesToUser("<User_name>", ["readWrite"])

Creating Instance for MongoDB

First, you need to create an Instance for MongoDB in DataSunrise. This is necessary to create a database profile. The beginning is the same for every database: just input connection details for your MongoDB.

Be sure to save your password in DataSunrise, CyberArk, or AWS Secrets Manager. Otherwise, if you do not save your password in an instance, it must be stored in a Static Masking task. The Static Masking process cannot be started without the saved password.

Press Test and after successful connection press Save.

Add New Static Data Masking Task

Open DataSunrise Web Console, Static Masking subsection, and click New to create a new Static Masking task.

In Source and Target Instances, select source and target database instances from the drop-down list and enter credentials for the database user.

Press the Select button and choose the required collection to use in the Static Data Masking process as source collection:

Press the Add Column button and enter the exact name of the field you want to mask:

Add all the required fields to mask:

If necessary, select the required field, click Set Masking Method and select a masking method for this particular column. Repeat for other columns as needed. All masking methods are available for MongoDB except for Function call.

Since this is a Periodic Static Masking Task you can choose the required frequency of the task’s execution.

Press Save.

Running Static Data Masking

Enter the newly created Static Data Masking task and press Start:

Customization of Static Data Masking Process

There are three main parameters to configure Static Data Masking for MongoDB:

  • MongoDbDataSearchRecursionLimit – search nested depth limit for both Dynamic and Static Masking.
  • StaticMaskingParallelLoadThreadsCount – number of threads used for parallel data transfer during Static Masking.
  • MongoBulkOperationSize – data volume (number of documents) transferred by one bulk insert operation. The higher this parameter’s value, the quicker the insert operation, but the higher the memory consumption.

Conclusion

DataSunrise is a reliable supplier of MongoDB database protection solutions. Static Data Masking guarantees the comprehensive protection of sensitive data across your company together with other solutions such as Sensitive Data Discovery, Activity Monitoring, Database Firewall, and others.

Please note that In-Place Masking is not supported for MongoDB in the 8.0.0 release. As of 2024, static in-place masking is now fully supported. For more details, please refer to our updated article on this topic.

Keep your data safe with DataSunrise and follow our next updates to stay up to date.

Did this guide help you?

Contact Us