Masking of Plaintext in Database Table Using Masking.properties File
In this sample, using CT-V Bulk Utility, four database tables data will be masked using masking.properties
file.
Note
The name and structure of both the source and destination tables are same for the masking. The operation can be performed only in homogeneous databases.
The following sample is explained using four tables:
Source Data Tables
Below are the source data tables namely Table1, Table2, Table3, and Table4 in the database:
Setting Parameters for Masking.properties File
Below is the parameters set for encryption in the source database tables:
#####################
# Source DB Configuration for DB-to-DB
# Source.HostName
# Source.PortNumber
# Source.DatabaseType
# Source.DatabaseName
################################
#
# Source.Hostname
#
# Specifies the IP address of the database server to read the plain values to be
# masked.
Source.Hostname = 10.164.174.x
#
# Source.PortNumber
#
# Specifies the PortNumber of the database server.
Source.PortNumber = 3306
#
# Source.DatabaseType
#
# Specifies the type of the database to connect to.
Source.DatabaseType = MySQL
#
# Source.DatabaseName
#
# Specifies the database name of the server.
Source.DatabaseName = sdb
#####################
# Destination DB Configuration for DB-to-DB
# Destination.HostName
# Destination.PortNumber
# Destination.DatabaseType
# Destination.DatabaseName
#####################
#
# Destination.HostName
#
# Specifies the IP address of the destination database to which tokens are to be written.
Destination.HostName = 10.164.175.x
#
# Destination.PortNumber
#
# Specifies the PortNumber of the destination database.
Destination.PortNumber = 3306
#
# Destination.DatabaseType
#
# Specifies the type of the destination database to connect to.
Destination.DatabaseType = MySQL
#
# Destination.DatabaseName
#
# Specifies the Destination database name.
Destination.DatabaseName = ddb
###########################################
# Masking Configuration for DB-to-DB
#
# SourceTable.<TableNameN>
# [Mandatory]
# Specifies the table name and column properties which are to be masked. The
# following format shows how the table names and column properties are passed.
#
#SourceTable.<TableName1>=[column1,format,luhnCheck,startToken,inputDataLength]:
#[column2,format,luhnCheck,startToken,inputDataLength]......
#[columnN,format,luhnCheck,startToken,inputDataLength]
# ..........
# ..........
#SourceTable.<TableNameN>=[column1,format,luhnCheck,startToken,inputDataLength]:
#[column2,format,luhnCheck,startToken,inputDataLength]......
#[columnN,format,luhnCheck,startToken,inputDataLength]
#
# For SEQUENTIAL_TOKEN format either startToken or inputDataLength should be
# specified. In case both are specified, startToken will be used.
# inputDataLength specifies the input data length required for the
# sequential tokens.
#
############################################
Note: If any table specified here has parent-child foreign key relationship, then data of all the
associated tables (apart from the tables menionted in this parameter) will get copied to the
destination database tables.
SourceTable.Table1=[fname,1,false]
SourceTable.Table3=[fname,1,false]
#
# NonMaskingTables
# [optional]
# Specifies the list of tables which are not to be masked. The table names are
# comma spearated.
############################################
NonMaskingTables=Table4
###############################
# Multi-threading Configuration for DB-to-DB
# Threads.BatchSize
# Threads.TokenThreads
# Threads.PollTimeout
###############################
#
# Threads.BatchSize
#
# Specifies number of rows per batch.
Threads.BatchSize = 1000
#
# Threads.TokenThreads
#
# Specifies number of threads that will perform tokenization of columns
# as required.
Threads.TokenThreads = 2
#
# Threads.PollTimeout
#
# Specifies the amount of time (in milliseconds) processing threads will
# wait for a batch on the data queue before timing out, checking for
# adminitrative commands on the management queue, and then checking for
# another batch on the data queue.
# Default value of this parameter is 100.
# Do not modify this parameter unless instructed by customer support.
Threads.PollTimeout = 100
#
# Logger.LogLevel
#
# Specifies the level of details displayed.
#
# Valid values
# Normal
# Verbose
# It is required for DB-to-DB
Logger.LogLevel = Normal
###############################################################################
# END
###############################################################################
Running CipherTrust Vaulted Tokenization Bulk Utility
Enter the following command to encrypt with CT-V Bulk Utility in a Windows environment:
java java -cp SafeNetTokenService-8.12.4.000.jar com.safenet.token.migration.main config-file-path -dtd DSU=testUser DSP=xxxx SDBU=sa SDBP=xxxx DDBU=sa DDBP=xxxx
Reviewing the Output Data Table
The output data is saved at the same destination mentioned in the masking.properties
file with the table names Table1, Table2, Table3, and Table4. As per the masking configuration parameters, only column fname
of Table1 and Table3 are masked, and Table4 gets copied. Also, Table2 gets copied as it has parent-child foreign key relationship with Table1 even though it was not specified in the NonMaskingTables parameter
.
Here is the data from the destination database tables: