Strike: Obfuscate Mysql Database

The data you store on your database will likely consist of customer data. This data is valuable not only to you, but to other people too.

If you work in the finance, healthcare or MoD sector then you have to be really careful to ensure this data does not get into the wrong hands.

How can you do this if you need your team working with real data due to some obscure bug.

Solution: Obfuscate your database.

This means changing all personally identifiable data before it gets onto any local environments.

Strike

Info a ruby gem

Command line script to generate mysql dump with encrypted data. This is a wrapper around the my_obfuscate gem.

You create the profiles you want to obfuscate data with and then run it on a mysql database producing a mysqldump or against an existing mysqldump.

Manual use

Get a Mysqldump of a live database running obfuscation.
strike dump mysql://username:password@localhost/db_production --profile=tables.rb > obfuscated_dump.sql

Get a new Mysqldump of an existing mysqldump runningobfuscation.
cat original_dump.sql | strike obfuscate --profile=tables.rb > obfuscated_dump.sql

Profiler

Creating your own profile is easy. They give an example on their website and looking at the my_obfuscate gem you can see many more options.

Creating your own function then gives you lots of power to really return the type of data you want.

Below is my example:

Make this a simple bash command

For my use I only run strike against backup mysqldumps.

Note: If you do run against your own backups, ensure that you mysqldump with -c option

mysqldump -c --hex-blob -uroot -proot mydb > mydump.sql

These scripts I built make it easy to setup your environment so that the following command will obfuscate any backup you wish.

Strike Bash

So you can now run this to obfuscate your dumps

obfuscate mydump.sql

Hope this script helps others out there

2 comments for “Strike: Obfuscate Mysql Database

  1. dan
    May 28, 2018 at 11:55 am

    Hello,

    is it possible to truncate whole table using Strikefile?

  2. GlynRob
    November 4, 2018 at 5:09 pm

    Yes. You can decide to keep all the data from a table, or truncate the whole table with Strike
    Examples:
    :’public.my_table_to_keep’ => :keep,
    :’public.my_table_to_truncate’ => :truncate,

Leave a Reply

Your email address will not be published. Required fields are marked *