commands

^

Invoke-DbaDbDataMasking

Author Sander Stad (@sqlstad, sqlstad.nl) , Chrissy LeMaire (@cl, netnerds.net)
Availability Windows, Linux, macOS

 

Synopsis

Masks data by using randomized values determined by a configuration file and a randomizer framework

Description

TMasks data by using randomized values determined by a configuration file and a randomizer framework

It will use a configuration file that can be made manually or generated using New-DbaDbMaskingConfig

Note that the following column and data types are not currently supported: Identity ForeignKey Computed Hierarchyid Geography Geometry Xml

Syntax

Invoke-DbaDbDataMasking
    [[-SqlInstance] <DbaInstanceParameter[]>]
    [[-SqlCredential] <PSCredential>]
    [[-Database] <String[]>]
    [-FilePath] <Object>
    [[-Locale] <String>]
    [[-CharacterString] <String>]
    [[-Table] <String[]>]
    [[-Column] <String[]>]
    [[-ExcludeTable] <String[]>]
    [[-ExcludeColumn] <String[]>]
    [[-MaxValue] <Int32>]
    [[-ModulusFactor] <Int32>]
    [-ExactLength]
    [[-CommandTimeout] <Int32>]
    [[-BatchSize] <Int32>]
    [[-Retry] <Int32>]
    [[-DictionaryFilePath] <String[]>]
    [[-DictionaryExportPath] <String>]
    [-EnableException]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

 

Examples

 

Example: 1
PS C:\> Invoke-DbaDbDataMasking -SqlInstance SQLDB2 -Database DB1 -FilePath C:\Temp\sqldb1.db1.tables.json

Apply the data masking configuration from the file "sqldb1.db1.tables.json" to the db1 database on sqldb2. Prompt for confirmation for each table.

Example: 2
PS C:\> Get-ChildItem -Path C:\Temp\sqldb1.db1.tables.json | Invoke-DbaDbDataMasking -SqlInstance SQLDB2 -Database DB1 -Confirm:$false

Apply the data masking configuration from the file "sqldb1.db1.tables.json" to the db1 database on sqldb2. Do not prompt for confirmation.

Example: 3
PS C:\> New-DbaDbMaskingConfig -SqlInstance SQLDB1 -Database DB1 -Path C:\Temp\clone -OutVariable file

$file | Invoke-DbaDbDataMasking -SqlInstance SQLDB2 -Database DB1 -Confirm:$false
Create the data masking configuration file "sqldb1.db1.tables.json", then use it to mask the db1 database on sqldb2. Do not prompt for confirmation.

Example: 4
PS C:\> Get-ChildItem -Path C:\Temp\sqldb1.db1.tables.json | Invoke-DbaDbDataMasking -SqlInstance SQLDB2, sqldb3 -Database DB1 -Confirm:$false

See what would happen if you the data masking configuration from the file "sqldb1.db1.tables.json" to the db1 database on sqldb2 and sqldb3. Do not prompt for confirmation.

Required Parameters

-FilePath

Configuration file that contains the which tables and columns need to be masked

Alias Path,FullName
Required True
Pipeline true (ByValue)
Default Value

Optional Parameters

-SqlInstance

The target SQL Server instance or instances.

Alias
Required False
Pipeline false
Default Value
-SqlCredential

Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential). Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory - Integrated are all supported. For MFA support, please use Connect-DbaInstance.

Alias
Required False
Pipeline false
Default Value
-Database

Databases to process through

Alias
Required False
Pipeline false
Default Value
-Locale

Set the local to enable certain settings in the masking

Alias
Required False
Pipeline false
Default Value en
-CharacterString

The characters to use in string data. 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789' by default

Alias
Required False
Pipeline false
Default Value abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
-Table

Tables to process. By default all the tables will be processed

Alias
Required False
Pipeline false
Default Value
-Column

Columns to process. By default all the columns will be processed

Alias
Required False
Pipeline false
Default Value
-ExcludeTable

Exclude specific tables even if it's listed in the config file.

Alias
Required False
Pipeline false
Default Value
-ExcludeColumn

Exclude specific columns even if it's listed in the config file.

Alias
Required False
Pipeline false
Default Value
-MaxValue

Force a max length of strings instead of relying on datatype maxes. Note if a string datatype has a lower MaxValue, that will be used instead. Useful for adhoc updates and testing, otherwise, the config file should be used.

Alias
Required False
Pipeline false
Default Value 0
-ModulusFactor

Calculating the next nullable by using the remainder from the modulus. Default is every 10.

Alias
Required False
Pipeline false
Default Value 0
-ExactLength

Mask string values to the same length. So 'Tate' will be replaced with 4 random characters.

Alias
Required False
Pipeline false
Default Value False
-CommandTimeout

Timeout for the database connection in seconds. Default is 300.

Alias
Required False
Pipeline false
Default Value 0
-BatchSize

Size of the batch to use to write the masked data back to the database

Alias
Required False
Pipeline false
Default Value 0
-Retry

The amount of retries to generate a unique row for a table. Default is 1000.

Alias
Required False
Pipeline false
Default Value 0
-DictionaryFilePath

Import the dictionary to be used in in the database masking

Alias
Required False
Pipeline false
Default Value
-DictionaryExportPath

Export the dictionary to the given path. Naming convention will be [computername][instancename][database]_Dictionary.csv Be careful with this feature, this export is the key to get the original values which is a security risk!

Alias
Required False
Pipeline false
Default Value
-EnableException

By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message. This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting. Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.

Alias
Required False
Pipeline false
Default Value False
-WhatIf

If this switch is enabled, no actions are performed but informational messages will be displayed that explain what would happen if the command were to run.

Alias wi
Required False
Pipeline false
Default Value
-Confirm

If this switch is enabled, you will be prompted for confirmation before executing any operations that change state.

Alias cf
Required False
Pipeline false
Default Value

 

Want to see the source code for this command? Check out Invoke-DbaDbDataMasking on GitHub.
Want to see the Bill Of Health for this command? Check out Invoke-DbaDbDataMasking.