PostgreSQL Anonymizer 1.1: Privacy By Default For Postgres
PostgreSQL Anonymizer is an extension that hides or replaces personally identifiable information (PII) or commercially sensitive data from a PostgreSQL database.
The extension supports 3 different anonymization strategies: Dynamic Masking, Static Masking and Anonymous Dumps. It also offers a large choice of Masking Functions such as Substitution, Randomization, Faking, Pseudonymization, Partial Scrambling, Shuffling, Noise Addition and Generalization.
Privacy By Default
The GDPR regulation (and other privacy laws) introduces the concept of data protection by default. In a nutshell, it means that by default, organisations should ensure that data is processed with the highest privacy protection so that by default personal data isn’t made accessible to an indefinite number of persons.
By applying this principle to anonymization, we end up with the idea of privacy by default which basically means that all columns of all tables should be masked by default, without having to declare a masking rule for each of them.
To enable this feature, simply set the option anon.privacy_by_default to on.
ALTER DATABASE foo SET anon.privacy_by_default = True;Now all the columns of the foo database will be anonymized with the default value of the column (if defined) or with NULL.
Caveat: If you have columns declared as NOT NULL, you will have to define a default value, otherwise you will end up with a constraint violation when you will anonymize the database.
For more details about this feature, please follow the link below:
https://postgresql-anonymizer.readthedocs.io/en/latest/privacy_by_default/
Consistent Anonymous Dumps
Before version 1.0, pg_dump_anon was a bash script. This script was nice and simple. However under certain conditions the anonymous backups were not consistent.
There's now a brand new version of pg_dump_anon (rewitten in Golang) that will always produce consistent exports.
The previous script is now renamed to pg_dump_anon.sh and it is still available for backwards compatibility. But it will be deprecated in version 2.0.
https://postgresql-anonymizer.readthedocs.io/en/latest/anonymous_dumps/
How to Install
This extension is officially supported on PostgreSQL 9.6 and further versions.
On Red Hat, CentOS and Rocky Linux systems, you can install it directly from the official PostgreSQL RPM repository:
dnf install postgresql_anonymizer14Then load the extension with:
ALTER DATABASE foo SET session_preload_libraries = 'anon';Create the extension inside the database:
CREATE EXTENSION anon CASCADE;And finally, initialize the extension
SELECT anon.init();For other systems, check out the install documentation:
https://postgresql-anonymizer.readthedocs.io/en/latest/INSTALL/
PostgreSQL Anonymizer 1.1: Privacy By Default For Postgres
A new version of PostgreSQL Anonymizer has been released. PostgreSQL Anonymizer is an extension that hides or replaces personally identifiable information (PII) or commercially sensitive data from a PostgreSQL database.
