Masking Policy

Masking is the process of transforming sensitive or personally identifiable information (PII) so that it is no longer visible in its original form.

It allows developers to work with realistic datasets while ensuring that sensitive data is protected.

• A masking rule applies a transformation to a column in a database table.
  For example, you might replace all user names with a fixed value like "John Doe".
• Masking is consistent: A given value X will always be transformed into the same value Y across all tables and databases.
  
• Primary key columns cannot be masked. Make sure no sensitive data is stored in any primary key.

Detecting and Configuring Masking Rules

To help you decide what to mask and how, Baseshift offers two approaches:

• The built-in PII scanner automatically detects sensitive columns and suggests appropriate masking rules.
• You can also directly configure masking rules, through the UI or the API, giving you full control over how specific columns are transformed.

Together, these approaches help you quickly define a masking policy that balances automation with precision and oversight.