Redact Config
The redact command supports YAML configuration for complex redaction rules.
Basic Structure
Section titled “Basic Structure”# Global settingsseed: 12345locale: en
# Default strategy for unmatched columnsdefaults: strategy: skip
# Column-specific rulesrules: - column: "*.email" strategy: hash - column: "*.name" strategy: fake generator: name
# Tables to skip entirelyskip_tables: - schema_migrations - ar_internal_metadataGlobal Settings
Section titled “Global Settings”Random seed for reproducible fake data generation:
seed: 12345Same seed = same fake data on every run.
locale
Section titled “locale”Locale for fake data generation:
locale: en # English (default)locale: de_de # Germanlocale: fr_fr # Frenchlocale: ja_jp # Japaneselocale: zh_cn # ChineseEach rule matches columns and applies a strategy.
Column Patterns
Section titled “Column Patterns”rules: # All columns named 'email' in any table - column: "*.email"
# Specific table.column - column: "users.password"
# Wildcard in column name - column: "*.ssn*"
# Multiple patterns (comma-separated) - column: "*.phone,*.mobile,*.fax"Strategies
Section titled “Strategies”Replace with NULL:
- column: "*.ssn" strategy: nullconstant
Section titled “constant”Replace with a fixed value:
- column: "*.status" strategy: constant value: "REDACTED"SHA256 hash (deterministic):
- column: "*.email" strategy: hashSame input always produces same hash, preserving FK relationships.
Generate realistic fake data:
- column: "*.name" strategy: fake generator: nameAvailable generators:
| Generator | Example Output |
|---|---|
email | jessica.smith@example.com |
name | Robert Johnson |
first_name | Sarah |
last_name | Williams |
phone | +1 (555) 234-5678 |
address | 123 Oak Street, Springfield, IL |
city | Portland |
state | California |
zip | 90210 |
country | United States |
company | Acme Corporation |
job_title | Software Engineer |
username | jsmith42 |
url | https://example.com/page |
ip | 192.168.1.100 |
ipv6 | 2001:db8::1 |
uuid | 550e8400-e29b-41d4-... |
date | 1985-07-23 |
datetime | 2023-01-15 14:30:00 |
credit_card | 4532015112830366 |
iban | DE89370400440532013000 |
ssn | 123-45-6789 |
lorem | Lorem ipsum dolor sit... |
paragraph | Full paragraph of text... |
sentence | A complete sentence. |
Partial masking with pattern:
- column: "*.credit_card" strategy: mask pattern: "****-****-****-XXXX"Pattern symbols:
*- Replace with asteriskX- Keep original character#- Random digit
Examples:
****-****-****-XXXX→****-****-****-1234XXX-XX-####→123-45-6789(SSN with random last 4)***@XXXXX→***@gmail.com(mask email prefix)
shuffle
Section titled “shuffle”Redistribute values within column:
- column: "*.salary" strategy: shufflePreserves distribution but breaks correlation with other columns.
No redaction (passthrough):
- column: "admins.email" strategy: skipskip_tables
Section titled “skip_tables”Skip entire tables from redaction:
skip_tables: - schema_migrations - ar_internal_metadata - _globalComplete Example
Section titled “Complete Example”seed: 42locale: en
defaults: strategy: skip
rules: # PII - column: "*.email" strategy: hash - column: "*.name,*.first_name,*.last_name" strategy: fake generator: name - column: "*.phone,*.mobile" strategy: fake generator: phone - column: "*.ssn" strategy: null - column: "*.password" strategy: constant value: "$2a$10$REDACTED"
# Financial - column: "*.credit_card" strategy: mask pattern: "****-****-****-XXXX" - column: "*.salary" strategy: shuffle
# Addresses - column: "*.address,*.street" strategy: fake generator: address - column: "*.city" strategy: fake generator: city - column: "*.zip,*.postal_code" strategy: fake generator: zip
# Exceptions - column: "admins.email" strategy: skip
skip_tables: - schema_migrations - ar_internal_metadata