This is Part 2 of our tutorial series on implementing automated database masking using GitHub Actions:
- Part 1: Semantic Type and Global Masking Rule
- Part 2: Column Masking and Masking Exemption (this one)
- Part 3: Data Classification
Overview
In this tutorial, you’ll learn how to automate column masking and masking exemption using GitHub Actions and the Bytebase API. This integration allows you to:- Manage data masking rules as code
- Automatically apply masking policies when PRs are merged
Column Masking
Column Masking lets you specify table columns different semantic type to mask the data differently.In Bytebase Console
Go to a database page, then pick a table, you can specify semantic type by clicking pen icon on table detail page.
In GitHub Workflow
Find the stepApply column masking
, which will apply the column masking to the database via API. First it will parse all the column masking files and then do a loop to apply the column masking to the database one by one. The code it calls Bytebase API is as follows:
masking/databases/**/**/database-catalog.json
, create a PR and then merge, the change will be applied.
Log in Bytebase console, at the workspace level, go to the database page, you can see the column semantic type is applied.
Masking Exemption
Masking Exemption lets you exempt users from data masking and see the unmasked data.In Bytebase Console
Go to a project page, then click Manage > Masking Exemptions, you can grant masking exemption to the database.
In GitHub Workflow
Find the stepApply masking exception
, which will apply the masking exception to the database and the process is similar, the code it calls Bytebase API is as follows:
masking/projects/**/masking-exception.json
, create a PR and then merge, the change will be applied.
Log in Bytebase console, go to the project Sample Project
, click Manage > Masking Exemptions, you can see the masking exemption is applied.