Masking Sensitive Data in Mule 4
With the advent of data becoming more and more valuable assets, and for some being considered “the new gold”, companies invariably have to seek to invest and adopt meanings of protecting sensitive data. A very effective and widely used technique of protection is data masking.
As integration developers and architects, we often come across access to personal, confidential, and sensitive data like names, addresses, passwords, credit cards, phones, etc. Also, functional and non-functional requirements may determine the needs of exposing that type of data in its entirety or portions, both while in transit, and/or at rest.
Protecting data by masking in MuleSoft can be achieved using out-of-the-box DataWeave functions replace and mask.
Replace
DataWeave offers the replace function, a part of the dw::core module. It replaces a portion (substring) of a String based on a regular expression with another String.
Example using replace
Input:
{
"name": "Sauarbh",
"doj": "2012-05-09",
"age": 27,
"address":{
"email" : "saurabh007@gmail.com",
"street" : "205 h/k chakiya",
"city": "Prayagraj",
"Pincode": "211009"
}
}Output:
{
"Personal Data": {
"name": "S******",
"doj": "2012-05-09",
"age": 27,
"address": {
"email": "*******007@*****.***",
"street": "205 */* *******",
"city": "Prayagraj",
"Pincode": "211009"
}
}
}DataWeave Script:
%dw 2.0
output application/json
fun check(ob) = ob mapObject((value,key)-> {
(key): value match {
case is Object -> check(value)
case is String -> if(key ~= "name" or key~= "email" or key~= "street")
value replace /[a-z]/ with "*" else value
case is Number -> value
else -> ""
}
} )
---
{"Personal Data" : check(payload)} DataWeave Playground Snap:
Mask
DataWeave offers the mask function, a part of the dw::util::values module. It replaces the desired field with a masked version of it throughout the object or collection.
Example using mask
Input:
<users>
<user username="Abhishek" password="abhi751" >
<gender>Male</gender>
<email>abhishek2390@gmail.com</email>
<phone>9936129855</phone>
<MonthlyFee>3000</MonthlyFee>
</user>
<user username="Sanya" password="sanya196" >
<gender>Female</gender>
<email>sanya001@gmail.com</email>
<phone>6398745341</phone>
<MonthlyFee>3500</MonthlyFee>
</user>
</users>Output:
{
"users": [
{
"username": "ABHISHEK",
"password": "*******",
"Gender": "M",
"Email": "*****@****.com",
"Phone": "+91**********",
"Monthly Fee": "₹3,000"
},
{
"username": "SANYA",
"password": "*******",
"Gender": "F",
"Email": "*****@****.com",
"Phone": "+91**********",
"Monthly Fee": "₹3,500"
}
]
}DataWeave Script:
%dw 2.0
import * from dw::util::Values
output application/json
type Currency= String{format:"₹#,###"}
---
{
"users": payload.users.*user map ({
"username": $.@username,
"password" : $.@password,
"Gender" : $.gender,
"Email" : $.email,
"Phone" : $.phone,
"Monthly Fee": $.MonthlyFee as Number
})
}
mask field("username") with upper($)
mask field("password") with "*******"
mask field("Gender") with $[0]
mask field("Email") with "*****@****.com"
mask field("Phone") with "+91**********"
mask field("Monthly Fee") with $ as CurrencyDataWeave Playground Snap:
Another example shows how mask acts on all elements in the nested arrays. It changes the value of each element at index 1 to false.
Input:
[
[
"Gymnast",
true
],
[
"Sportsperson",
true
],
[
"Racer",
true
]
]Output:
[
[
"Gymnast",
false
],
[
"Sportsperson",
false
],
[
"Racer",
false
]
]DataWeave Script:
%dw 2.0
output application/json
import * from dw::util::Values
---
payload mask 1 with falseDataWeave Playground Snap:
Conclusion
Well that’s all folks! Together we have looked at two functions to help us achieve confidentiality through masking. Let me know what you think and for any query reach out to me on LinkedIn: https://www.linkedin.com/in/faizan-a-7aa07a15a/
