Anonymization
DbToolsBundle provides a convinient way to anonymize data from your database.
After some configurations, launching vendor/bin/db-tools anonymizephp bin/console db-tools:anonymizedocker compose run dbtools anonymize will be all you need to replace sensitive data by random and/or hashed ones in your database.
With the Symfony bundle, there is two ways to tell DbToolsBundle how it should anonymize your data:
- you can use PHP attributes on Doctrine Entities' classes and properties
- you can declare it with a YAML file
TIP
DbToolsBundle does not only work with Doctrine Entities to anonymize data. You can use it with any database, all you need is a DBAL connection.
In such case, the YAML configuration is the only available option.
If Doctrine ORM is enabled, DbToolsBundle will automatically look for attributes on your entities. If you want to use YAML configuration, look at the Bundle Configuration section to see how to configure it.
INFO
All anonymizers can be configured via attributes on Doctrine ORM entities, but inheritance is not fully supported yet, please read this page for more information.
The anonymization is based on Anonymizers. An Anonymizer represents a way to anonymize a column (or multiple columns in certain cases). For example, you will use the EmailAnonymizer to anonymize a column that represents an email address.
Each Anonymizer could take options to specify how it should work.
In others word, all you need to do to configure Anonymization is map each column you want to anonymize with a specific anonymizer.
Example
The best way to understand how it works is to see a simple example: let's take an entity Customer.
This entity has several fields we want to anonymize, and others that we don't:
id: SerialemailAddress: An email address that we want to anonymizeage: An integer that we want to randomizelevel: A string ('none', 'bad', 'good' or 'expert') that we want to randomizesecret: A string that we want to hashlastLogin: A DateTime we want to keep intact
Here is how you can declare this configuration:
# db_tools.config.yaml
anonymization:
default:
customer:
email_address: email
level:
anonymizer: string
options: {sample: ['none', 'bad', 'good', 'expert']}
age:
anonymizer: integer
options: {min: 10, max: 99}
secret: md5
#...Here is how you can declare this configruation with PHP attributes and with YAML:
namespace App\Entity;
use Doctrine\ORM\Mapping as ORM;
use MakinaCorpus\DbToolsBundle\Attribute\Anonymize;
#[ORM\Entity()]
#[ORM\Table(name: 'customer')]
class Customer
{
#[ORM\Id]
#[ORM\GeneratedValue]
#[ORM\Column]
private ?int $id = null;
#[ORM\Column(length: 180, unique: true)]
#[Anonymize(type: 'email')]
private ?string $emailAddress = null;
#[ORM\Column]
#[Anonymize(type: 'integer', options: ['min' => 10, 'max' => 99])]
private ?int $age = null;
#[ORM\Column(length: 255)]
#[Anonymize(type: 'string', options: ['sample' => ['none', 'bad', 'good', 'expert']])]
private ?string $level = null;
#[ORM\Column(length: 255)]
#[Anonymize(type: 'md5')]
private ?string $secret = null;
#[ORM\Column]
private ?\DateTime $lastLogin = null;
// ...
}# config/anonymization.yaml
customer:
email_address: email
level:
anonymizer: string
options: {sample: ['none', 'bad', 'good', 'expert']}
age:
anonymizer: integer
options: {min: 10, max: 99}
secret: md5
#...Multicolumn Anonymizers
Some Anonymizers are mutlicolumn. For example the AddressAnonymizer can, by himself, anonymize 6 columns.
Multicolumn anonymizers are usefull when you want to keep coherent data after anonymization.
# db_tools.config.yaml
anonymization:
default:
customer:
address:
target: table
anonymizer: address
options:
street_address: 'street'
secondary_address: 'street_address_2'
postal_code: 'zip_code'
locality: 'city'
region: 'region'
country: 'country'
#...When using PHP attributes, those anonymizers should be put on class:
namespace App\Entity;
use Doctrine\ORM\Mapping as ORM;
use MakinaCorpus\DbToolsBundle\Attribute\Anonymize;
#[ORM\Entity()]
#[ORM\Table(name: 'customer')]
#[Anonymize(type: 'address', options: [
'street_address' => 'street',
'secondary_address' => 'street_second_line'
'postal_code' => 'zip_code',
'locality' => 'city',
'region' => 'region'
'country' => 'country',
])]
class Customer
{
// ...
#[ORM\Column(length: 255)]
private ?string $street = null;
#[ORM\Column(length: 255)]
private ?string $streetSecondLine = null;
#[ORM\Column(length: 255)]
private ?string $zipCode = null;
#[ORM\Column(length: 255)]
private ?string $city = null;
#[ORM\Column(length: 255)]
private ?string $region = null;
#[ORM\Column(length: 255)]
private ?string $country = null;
// ...
}# config/anonymization.yaml
customer:
address:
target: table
anonymizer: address
options:
street_address: 'street'
secondary_address: 'street_address_2'
postal_code: 'zip_code'
locality: 'city'
region: 'region'
country: 'country'
#...Going further
DbToolsBundle provides a bunch of Anonymizers that should cover most of your needs. You can find a complete description of each one of them in the next section.
You can also add Anonymizers from community packs. For example, to add the pack-fr-fr run:
composer require db-tools-bundle/pack-fr-frTIP
All official packs are included in the Docker image. No need to add them with a custom build.
If you can't find what you need from core anonymizers and in available packs, DbToolsBundle allows you to create your own Custom Anonymizers.
TIP
You can list all available Anonymizers with vendor/bin/db-tools anonymization:listphp bin/console db-tools:anonymization:listdocker compose run dbtools list command.