Data Masking

Contents

Data Masking

Data Masking is a feature designed to protect sensitive data by masking specific fields in messages when browsing stream messages. This functionality ensures that sensitive information remains hidden, enhancing security and compliance.

Enable Data Masking

Data Masking is only supported with Topic Browse from governance and streaming charts.

To enable the Data Masking feature, the Operator must first activate the Data Masking Feature in his values.yaml as shown below:

platform-ui:
  config:
    # Data Masking Feature
    dataMaskingEnabled: true

Once the operator has enabled the Data Masking feature, the Tenant Admin can enable the Data Masking feature for his organization

Configure Enforcing of Strict Data Masking in an Environment

The Environment Owner can decide if any strictly masked field can be unmasked during a topic browse search.

This guarantees that certain masked fields cannot be seen in a topic browse search under any circumstances.

  1. Move to the Environments page

  2. Select the Environment

  3. Click on the Edit Environment button

  4. Click on the Strict Data Masking toggle

    Environment Strict Data Masking

  5. Click Update Environment button

Strict Data Masking is disabled by default.

Define Masked Fields for Schemas

The Schema Owner can define masked fields for their Schemas. The masked fields are applied to every Topic using the Schema.

When a field is masked but not strictly masked, it will be masked during a topic browse search, but it can be unmasked by toggling on the Unmask fields option.

When a field is strictly masked, it will be masked during a topic browse search. Depending on the Strict Data Masking option set on the environment, the field can or cannot be unmasked when browsing messages in that environment.

  1. Open the Schema page

  2. Navigate to a Schema that you own

  3. Click on the View maskable fields button

    View Maskable Fields

  4. Select the fields to be masked and click on the Save button

We support the masking of nested fields using dot notation.

Define Masked Fields for Topic Configurations

The Topic Owner can define masked fields for their Topic Configuration in addition to the ones already defined by the Schema Owner. The masked fields are configured per environment enabling complete flexibility. For e.g., the topic owner can choose to have the field be unmasked in the test environment but masked in the production environment.

  1. Open the Topic page

  2. Navigate to a Topic that you own

  3. Select an environment for which the Topic has been configured

  4. Click on the Masking fields button

    Topic Data Masking button

  5. Select the fields to be masked and click on the Save button

    Topic Data Masking

Masked fields inherited from the Schema cannot be modified in the Topic Configuration.
Topic masking can’t be change if coming from schema

The Self-Service user eligible to browse a Topic can decide to unmask the masked fields, however, based on the Environment Strict Data Masking toggle some fields could remain masked.

  1. Open the Topic page and click on the Messages tab and search for messages

    Masked Topic Messages

  2. Toggle the Unmask fields button and search

    Unmasked Topic Messages