{"id":14483106,"url":"https://github.com/asgeirrr/pgantomizer","last_synced_at":"2025-07-27T02:31:27.088Z","repository":{"id":57452100,"uuid":"90649518","full_name":"asgeirrr/pgantomizer","owner":"asgeirrr","description":"Anonymize data in your PostgreSQL dabatase with ease","archived":false,"fork":false,"pushed_at":"2023-11-24T20:06:42.000Z","size":53,"stargazers_count":101,"open_issues_count":5,"forks_count":20,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-11-01T06:36:38.247Z","etag":null,"topics":["anonymization","anonymize","dump","gdpr","postgresql"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/asgeirrr.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-05-08T16:28:07.000Z","updated_at":"2024-10-29T02:41:56.000Z","dependencies_parsed_at":"2023-11-24T20:31:10.892Z","dependency_job_id":"3994ecfd-179f-45bb-9df9-a368749d0306","html_url":"https://github.com/asgeirrr/pgantomizer","commit_stats":{"total_commits":18,"total_committers":1,"mean_commits":18.0,"dds":0.0,"last_synced_commit":"2bf86ea6561c8dbbc1d164e90a889dc440d8b291"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asgeirrr%2Fpgantomizer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asgeirrr%2Fpgantomizer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asgeirrr%2Fpgantomizer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asgeirrr%2Fpgantomizer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/asgeirrr","download_url":"https://codeload.github.com/asgeirrr/pgantomizer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":227515053,"owners_count":17782642,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anonymization","anonymize","dump","gdpr","postgresql"],"created_at":"2024-09-03T00:01:30.456Z","updated_at":"2024-12-02T14:33:32.868Z","avatar_url":"https://github.com/asgeirrr.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"pgantomizer\n===========\n\n.. image:: https://travis-ci.org/asgeirrr/pgantomizer.svg?branch=master\n :target: https://travis-ci.org/asgeirrr/pgantomizer\n\n.. image:: https://coveralls.io/repos/github/asgeirrr/pgantomizer/badge.svg?branch=master\n :target: https://coveralls.io/github/asgeirrr/pgantomizer\n\n.. image:: https://img.shields.io/badge/License-BSD%203--Clause-blue.svg\n :target: https://github.com/asgeirrr/pgantomizer/blob/master/LICENSE\n\n.. image:: https://badge.fury.io/py/pgantomizer.svg\n :target: https://badge.fury.io/py/pgantomizer\n\nAnonymize data in your PostgreSQL database with ease. Anonymization is handy if you need to provide data to\npeople that should not have access to the personal information of the users.\nImporting the data to third-party tools where you cannot guarantee what will happen to the data is also a common use case.\nThis tool will come in handy when GDPR will take effect in EU-countries.\n\n\nAnonymization Process\n---------------------\n\nThe rules for anonymization are written in a single YAML file.\n\nColumns that should be left in the raw form without anonymization must be explicitly marked in the schema.\nThis ensures that adding the new column in the DB without thinking about its sensitivity does not leak the data.\n\nThe default name of the primary key is `id` but a custom one can be specified form the table in the schema.\nIf the table has no primary key, you may specify `~` or `null` explicitly. Primary key is NOT anonymized by default.\n\nIf you wish do bypass anonymization and truncate a specific table, you can do so by passing `truncate: true`.\n\nIf the table you wish to truncate is referenced by foreign keys, consider using `truncate: cascade`, but beware\nthat this option will cause PostgreSQL to silently and automatically truncate any other tables that reference this\ntable via foreign key constraints. Use with care!\n\nYou can limit the scope of the anonymization pass by providing a `where` clause. This is useful for retaining\ninternal data as appropriate.\n\n\nA sample YAML schema can be examined below.\n\n.. code:: yaml\n\n customer:\n raw: [language, currency]\n pk: customer_id\n custom_rules:\n email: example_email,\n bio: x_out,\n auth_hash: clear,\n another_uniq_id: md5,\n phone_number:\n value: '+15555555555'\n where: \"email \u003c\u003e 'me@my-company.com'\"\n\n customer_address:\n raw: [country, customer_id]\n pk: ~\n custom_rules:\n address_line: aggregate_length\n\n customer_transactions:\n truncate: true\n\nSometimes it is needed to use a different anonymization function for a particular column.\nIt can be specified in the `custom_rules` directive (see example above).\nThere is a limited set of functions you can choose from. So far:\n\n* **aggregate_length** - replaces content of the column with its length (can be used on any type that supports length function)\n* **clear** - simply nulls out the value (whatever DB constraints still apply)\n* **example_email** - replaces the value with an `@example.com` based on the primary key value\n* **md5** - alternative to default TEXT handling, useful for creating variance aside default handling while also guaranteeing value uniqueness\n* **x_out** - converts a string alpha-numeric characters to X's, retaining length\n\nAdditionally, you can provide a nested value with a `value` key to assign values directly.\n\n\nCalling pgantomizer from the Command Line\n-----------------------------------------\n\n**pgantomizer_dump** is a helper script that dumps tables specified in the YAML schema file to a compressed file using `pg_dump`.\nJust pass the path to the schema and the DB connection details.\nMinimal working example taking advantage of default values of some of the required parameters:\n\n.. code:: bash\n\n pgantomizer_dump --schema my_schema.yaml --dbname original_postgres --user alaric\n\nTo see a list of all parameters, run:\n\n.. code:: bash\n\n pgantomizer_dump -h\n\nThe script is able to take the DB connection details from environmental variables\nfollowing the conventions of running Django in Docker. The presumed variable names are:\n`DB_DEFAULT_NAME`, `DB_DEFAULT_USER`, `DB_DEFAULT_PASS`, `DB_DEFAULT_SERVICE`, `DB_DEFAULT_PORT`.\n\nBy default, the main script, **pgantomizer** loads the Postgre dump into a specified instance. Then all columns\nexcept primary keys and the ones specified in the schema as `raw` are anonymized according to their data type.\nFinally, the dump file is deleted by default to reduce risk of leakage of unanonymized data.\nThe connection details of the Postgres instance where the anonymized data should be loaded can be passed as arguments\n\n\n.. code:: bash\n\n pgantomizer --schema my_schema.yaml --dump-file ./to_anonymize.sql --dbname anonymized_postgres --user alaric --password anonymized_pass --host localhost --port 5432\n\nor through environmental variables with following names:\n`ANONYMIZED_DB_NAME`, `ANONYMIZED_DB_USER`, `ANONYMIZED_DB_PASS`, `ANONYMIZED_DB_HOST`, `ANONYMIZED_DB_PORT`.\n\nNote: If you wish to anonymize a source that has been previously restored using other means, you may do so by passing the `--skip-restore` (`-s`) flag to pgantomizer.\nIn this mode pgantomizer will not try to enforce any dump file requirements and will connect directly to the target server for anonymization without any schema reconstruction.\n\n\nCalling pgantomizer from Python\n-------------------------------\n\nUse **dump_db** and **load_anonymize_remove** functions to dump anonymize the data from Python.\nIn the following example, DB connections for the original and anonymized instance are specified via ENV variables described above.\n\n.. code:: python\n\n from pgantomizer import dump_db, load_anonymize_remove\n\n dump_db('to_anonymize.sql', 'anonymization_schema.yaml')\n load_anonymize_remove('to_anonymize.sql', 'anonymization_schema.yaml')\n\nBoth functions have an optional **db_args** argument to pass the connection arguments explicitly in a dict.\nSee the example below how the dict should look like.\n\nIf you are only after anonymizing an existing database, there is a function `anonymize_db`\nthat will help you do that with a little extra work of parsing the YAML schema.\n\n.. code:: python\n\n import yaml\n\n from pgantomizer import anonymize_db\n\n anonymize_db(yaml.load(open('anonymization_schema.yaml'), Loader=yaml.FullLoader), {\n 'dbname': 'anonymized_postgres',\n 'user': 'alaric',\n 'password': 'anonymized_pass',\n 'host': 'localhost',\n 'port': '5432',\n })\n\nIf you would like to use environmental variables instead, use function `anonymize.get_db_args_from_env`\nto construct the dict from ENV.\n\n\nTODO\n----\n* expand this README\n* submit package automatically to PyPI\n* add --dry-run argument that will check the schema and output the operations to be performed\n* remove password argument and use `getpass` instead for better security\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fasgeirrr%2Fpgantomizer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fasgeirrr%2Fpgantomizer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fasgeirrr%2Fpgantomizer/lists"}