Configuration

The extension has currently a few options that be defined for the entire instance ( inside postgresql.conf or with ALTER SYSTEM).

It is also possible and often a good idea to define them at the database level like this:

ALTER DATABASE customers SET anon.restrict_to_trusted_schemas = on;

Only superuser can change the parameters below :

anon.algorithm

Type Text
Default value 'sha256'
Visible only to superusers

This is the hashing method used by pseudonymizing functions. Checkout the pgcrypto documentation for the list of available options.

See anon.salt to learn why this parameter is a very sensitive information.

anon.maskschema

Type Text
Default value 'mask'
Visible to all users

The schema (i.e. 'namespace') where the dynamic masking views will be stored.

anon.restrict_to_trusted_schemas

Type Boolean
Default value off
Visible to all users

By enabling this parameter, masking rules must be defined using functions located in a limited list of namespaces. By default, only the anon schema is trusted.

This improves security by preventing users from declaring their custom masking filters. This also means that the schema must be explicit inside the masking rules.

For more details, check out the Write your own masks section of the Masking functions chapter.

anon.salt

Type Text
Default value (empty)
Visible only to superusers

This is the salt used by pseudonymizing functions. It is very important to define a custom salt for each database like this:

ALTER DATABASE foo SET anon.salt = 'This_Is_A_Very_Secret_Salt';

If a masked user can read the salt, he/she can run a brute force attack to retrieve the original data based on the 3 elements:

  • The pseudonymized data
  • The hashing algorithm (see anon.algorithm)
  • The salt

The GDPR considered that the salt and the name of the hashing algorithm should be protected with the same level of security that the data itself. This is why you should store the salt directly within the database with ALTER DATABASE.

anon.sourceshema

Type Text
Default value 'public'
Visible to all users

The schema (i.e. 'namespace') where the tables are masked by the dynamic masking engine.

Change this value before starting dynamic masking.

ALTER DATABASE foo SET anon.sourceschema TO 'my_app';

Then reconnect so that the change takes effect and start the engine.

SELECT start_dynamic_masking();