Documentation
¶
Overview ¶
Package obfuscation applies post-restore PII scrubbing rules to a database copy. It connects directly to the copy container using the engine's DSN and runs engine-specific UPDATE statements for each rule.
Supported strategies:
- nullify — SET col = NULL
- redact — SET col = '[redacted]' (configurable via Rule.With)
- mask — replace characters with '*' (configurable mask_char / keep_last)
- hash — one-way SHA-256 hex digest; preserves uniqueness for JOINs
- replace — deterministic format-preserving substitution; Rule.Type selects the data shape: email, name, phone, ip, url, uuid
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Obfuscator ¶
type Obfuscator struct {
// contains filtered or unexported fields
}
Obfuscator applies a set of rules to a single database copy.
func New ¶
func New(engineName, dsn string, rules []config.ObfuscationRule) *Obfuscator
New creates an Obfuscator. engineName must be "postgres" or "mysql". dsn is the connection string returned by engine.ConnectionString("localhost", port).
func (*Obfuscator) Apply ¶
func (o *Obfuscator) Apply(ctx context.Context) error
Apply opens a short-lived connection to the copy and runs all UPDATE statements in sequence. Returns immediately if rules is empty.
The drivers (pgx and go-sql-driver/mysql) are registered by the engine package init() functions via blank imports in the main binary; no import of those packages is needed here.
Source Files