Skip to content

Mask

Mask allows replacing sensitive fields with hash of that field or with a static string. Example: You could set the value to *** and all the fields that match the jsonPath will be replaced with ***.

Field Description Scheme Required
selector Selector helps in choosing which configs should use the mask. MaskSelector true
jsonpath Specify JSONPath expression for the fields string true
value Value can be a name of a hash function or just a string. See supported hash functions. string true

As an example let's take the following configuration file for Config DB

file:
  - type: Config
    id: $.id
    name: $.name
    transform:
      mask:
        - selector:
            type: Config
          jsonpath: $.password
          value: md5sum
        - selector:
            type: Config
          jsonpath: $.secret
          value: '***'
    paths:
      - fixtures/data/single-config.json

This configuration specifies 2 different masks. The first one will replace the value of the field password with the md5sum of the value. The second one will replace the value of the field secret with ***.

Info

All the masks will be applied in the order they are specified in the configuration file.

Supported hash functions

At the moment, only md5sum is supported. More hash functions will be added in the future.

  • md5sum

MaskSelector

Field Description Scheme Required
type Type is the config type to apply the mask string true

Config DB allows selectively applying masks to certain types of configs. So you could apply a mask to all the Config types and another mask to all the Secret types.