Python based database sanitizer for removing sensitive data from your database dumps
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
database_sanitizer
.editorconfig Add .editorconfig May 4, 2018
.gitignore Ignore packaging related stuff May 4, 2018
.travis.yml Travis: Add more Python versions to test matrix Jun 20, 2018
LICENSE Initial commit Apr 27, 2018
README.md
requirements-test.txt
setup.cfg setup.cfg: Ignore typing imports from coverage reports Jun 20, 2018
setup.py Configure isort and sort imports Jun 20, 2018

README.md

Database sanitation tool

pypi travis codecov

database-sanitizer is a tool which retrieves an database dump from relational database and performs sanitation on the retrieved data according to rules defined in a configuration file. Currently the sanitation tool supports both PostgreSQL and MySQL databases.

Installation

database-sanitizer can be installed from PyPI with pip like this:

$ pip install database-sanitizer

If you are using MySQL, you need to install the package like this instead, so that additional requirements are included:

$ pip install database-sanitizer[MySQL]

Usage

Once the package has been installed, database-sanitizer can be used like this:

$ database-sanitizer <DATABASE-URL>

Command line argument DATABASE-URL needs to be provided so the tool knows how to retrieve the dump from the database. With PostgreSQL, it would be something like this:

$ database-sanitizer postgres://user:password@host/database

However, unless an configuration file is provided, no sanitation will be performed on the retrieved database dump, which leads us to the next section which will be...

Configuration

Rules for the sanitation can be given in a configuration file written in YAML. Path to the configuration file is then given to the command line utility with --config argument (-c for shorthand) like this:

$ database-sanitizer -c config.yml postgres://user:password@host/database

The configuration file uses following kind of syntax:

config:
  addons:
    - some.other.package
    - yet.another.package
strategy:
  user:
    first_name: name.first_name
    last_name: name.last_name
    secret_key: string.empty

In the example configuration above, there are first listed two "addon packages", which are names of Python packages where the sanitizer will be looking for sanitizer functions. They are completely optional and can be omitted, in which case only sanitizer functions defined in package called sanitizers and built-in sanitizers will be used instead.

The strategy portion of the configuration contains the actual sanitation rules. First you define name of the database table (in the example that would be user) followed by column names in that table which each one mapped to sanitation function name. The name of the sanitation function consists from two parts separated from each other by a dot: Python module name and name of the actual function, which will be prefixed with sanitize_, so name.first_name would be a function called sanitize_first_name in a file called name.py.