Anonymization & Data Masking for PostgreSQL
postgresql_anonymizer is an extension to mask or replace
personally identifiable information (PII) or commercially sensitive data from
a PostgreSQL database.
The project is aiming toward a declarative approach of anonymization. This means we’re trying to extend PostgreSQL Data Definition Language (DDL) in order to specify the anonymization strategy inside the table definition itself.
With PostgreSQL Anonymizer we integrate, from the design of the database, the principle that outside production the data must be anonymized. Thus we can reinforce the GDPR rules, without affecting the quality of the tests during version upgrades for example.
Thierry Aimé, Office of Architecture and Standards in the French Public Finances Directorate General (DGFiP)
The PostgreSQL Anonymizer extension immediately aroused our interest at bioMérieux. This innovative extension allowed us to integrate the anonymization of patient data at the earliest stage of the development process. Therefore we could shorten our implementation times to be more responsive to our customers.
Grégory GNOS, IT Solution MW at bioMérieux
Thanks to PostgreSQL Anonymizer we were able to define complex masking rules in order to implement full pseudonymization of our databases without losing functionality. Testing on realistic data while guaranteeing the confidentiality of patient data is a key point to improve the robustness of our functionalities and the quality of our customer service.
Julien Biaggi, Product Owner at bioMérieux
Once the masking rules are defined, you can access the anonymized data in 3 different ways :
In addition, various Masking Functions are available: randomization, faking, partial scrambling, shuffling, noise, or even your own custom function!
Read the Concepts section for more details and NEWS.md for information about the latest version.
Add the PostgreSQL Official RPM Repo to your system. It should be something like:
$ sudo yum install https://.../pgdg-redhat-repo-latest.noarch.rpm
Install (Replace 12 with the major version of your instance)
$ sudo yum install postgresql_anonymizer12
Add ‘anon’ in the shared_preload_libraries parameter of you postgresql.conf file. For example:
shared_preload_libraries = 'pg_stat_statements, anon'
Restart your instance.
PostgreSQL Anonymizer is licensed under PostgreSQL license.
We need your feedback and ideas! Let us know what you think of this tool, how it fits your needs and what features are missing.
You can either open an issue or send a message at contact@dalibo.com.
PostgreSQL Anonymizer is maintained by the following Dalibo Labs team members, with of many from the open source community:
