From f5b236c33986fa1a9653d1ca561767fa00311c0d Mon Sep 17 00:00:00 2001 From: Catherine Smith Date: Thu, 27 Jan 2022 10:54:24 -0500 Subject: [PATCH] updates docs for supported masking strategies and associated configs (#173) * updates docs for supported masking strategies and associated configs * formatting to make each masking strategy more obvious * missed a spot * cr changes --- .../docs/guides/masking_strategies.md | 103 ++++++++++++++---- 1 file changed, 80 insertions(+), 23 deletions(-) diff --git a/docs/fidesops/docs/guides/masking_strategies.md b/docs/fidesops/docs/guides/masking_strategies.md index 9e9fc7bf8..9230ad6bc 100644 --- a/docs/fidesops/docs/guides/masking_strategies.md +++ b/docs/fidesops/docs/guides/masking_strategies.md @@ -5,8 +5,8 @@ In this section we'll cover: - What is data masking? - Why might you want to mask personally identifiable information rather than delete? - How do you use fidesops as a masking service only? -- What are the currently-supported masking strategies in fidesops? - How do you configure masking strategies for your fidesops policies? +- What are the current supported masking strategies in fidesops? - How do you create your own masking strategies? @@ -24,9 +24,7 @@ pseudonymized in most cases, and (at worst) may still be identifiable if the mas which is a common mistake! In fidesops, your options to pseudonymize data are captured in "masking strategies". Fidesops supports a wide variety -of masking strategies for different purposes when used directly as an API including HMAC, hashing, encryption, and -randomization. However, note that fidesops only supports the "null" strategy when processing privacy requests right now, -but we'll be adding support for all masking strategies in an upcoming release! +of masking strategies for different purposes when used directly as an API including HMAC, Hash, AES encryption, string rewrite, random string rewrite, and null rewrite. ### Why mask instead of delete? @@ -48,7 +46,7 @@ Other reasons to mask instead of delete include legal requirements that have you ## Using fidesops as a masking service -If you just want to use fidesops as a masking service, you can send a PUT request to the masking endpoint with the +If you just want to use fidesops as a masking service, you can send a `PUT` request to the masking endpoint with the value you'd like pseudonymized. This endpoint is also useful for getting a feel of how the different masking strategies work. Example: `PUT /masking/mask?value=test@example.com` @@ -80,27 +78,11 @@ The email has been replaced with a random string of 20 characters, while still p See [Masking values API docs](/fidesops/api#operations-tag-Masking) on how to use fidesops to as a masking service . -## Supported Masking Strategies - -### Supported by fidesops policies - - - `NullMaskingStrategy`: Masks the input value with a null value. - - ... More strategies coming soon - -### Supported by masking service only - - - `StringRewriteMaskingStrategy`: Masks the input value with a default string value - - `HashMaskingStrategy`: Masks the input value by returning a hashed version of the input value - - `RandomStringRewriteMaskingStrategy`: Masks the input value with a random string of a specified length - - `AesEncryptionMaskingStrategy`: Masks by encrypting the value using AES - - `HmacMaskingStrategy`: Masks the input value by using the HMAC algorithm along with a hashed version of the data and a secret key - ## Configuration -Only null value masking is currently supported by fidesops policies, but support for other strategies is coming. -Currently, erasure requests will replace customer data with null values. +Erasure requests will mask data with the chosen masking strategy. -In the future, to configure a specific masking strategy to be used for a Policy, you will create an `erasure` rule +To configure a specific masking strategy to be used for a Policy, you will create an `erasure` rule that captures that strategy for the Policy. Issue a PATCH request to `/policy/policy_key/rule`: @@ -123,6 +105,77 @@ Issue a PATCH request to `/policy/policy_key/rule`: ``` +## Supported Masking Strategies and Associated Configuration options + +### Null Rewrite + +Masks the input value with a null value. + +`strategy`: `null_rewrite` + +No config needed. + +### String Rewrite + +Masks the input value with a default string value. + +`strategy`: `string_rewrite` + +`configuration`: + +- `rewrite_value`: `str` that will replace input values +- `format_preservation` (optional): `Dict` with the following key/vals: + - `suffix`: `str` that specifies suffix to append to masked value + +### Hash + +Masks the data by hashing the input before returning it. The hash is deterministic such that the same input will return the same output within the context of the same privacy request. This is not the case when the masking service is called as a standalone service, outside the context of a privacy request. + +`strategy`: `hash` + +`configuration`: + +- `algorithm` (optional): `str` that specifies Hash masking algorithm. Options include `SHA-512` or `SHA_256`. Default = `SHA_256` +- `format_preservation` (optional): `Dict` with the following key/vals: + - `suffix`: `str` that specifies suffix to append to masked value + +### Random String Rewrite + +Masks the input value with a random string of a specified length. + +`strategy`: `random_string_rewrite` + +`configuration`: + +- `length` (optional): `int` that specifies length of randomly generated string. Default = `30` +- `format_preservation` (optional): `Dict` with the following key/vals: + - `suffix`: `str` that specifies suffix to append to masked value + +### AES Encrypt + +Masks the data using AES encryption before returning it. The AES encryption strategy is deterministic such that the same input will return the same output within the context of the same privacy request. This is not the case when the masking service is called as a standalone service, outside the context of a privacy request. + +`strategy`: `aes_encrypt` + +`configuration`: + +- `mode` (optional): `str` that specifies AES encryption mode. Only supported option is `GCM`. Default = `GCM` +- `format_preservation` (optional): `Dict` with the following key/vals: + - `suffix`: `str` that specifies suffix to append to masked value + +### HMAC + +Masks the data using HMAC before returning it. The HMAC encryption strategy is deterministic such that the same input will return the same output within the context of the same privacy request. This is not the case when the masking service is called as a standalone service, outside the context of a privacy request. + +`strategy`: `hmac` + +`configuration`: + +- `algorithm` (optional): `str` that specifies HMAC masking algorithm. Options include `SHA-512` or `SHA_256`. Default = `SHA_256` +- `format_preservation` (optional): `Dict` with the following key/vals: + - `suffix`: `str` that specifies suffix to append to masked value + + See the [Policy guide](policies.md) for more detailed instructions on creating Policies and Rules. @@ -180,6 +233,10 @@ class RandomStringRewriteMaskingStrategy(MaskingStrategy): @staticmethod def get_description() -> MaskingStrategyDescription: """Not covered in this example""" + + @staticmethod + def data_type_supported(data_type: Optional[str]) -> bool: + """Not covered in this example""" ``` The `mask` method will be called with the value to be masked and the masked value will be the output. In this case,