< Back
Invoke-DbaDbDataMasking
Post
NAME Invoke-DbaDbDataMasking
SYNOPSIS
Masks data by using randomized values determined by a configuration file and a randomizer framework
SYNTAX
Invoke-DbaDbDataMasking [[-SqlInstance] <Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>]
[[-SqlCredential] <Pscredential>] [[-Database] <System.String[]>] [-FilePath] <System.Object> [[-Locale] <String>]
[[-CharacterString] <String>] [[-Table] <System.String[]>] [[-Column] <System.String[]>] [[-ExcludeTable]
<System.String[]>] [[-ExcludeColumn] <System.String[]>] [[-Query] <String>] [[-MaxValue] <Int>] [[-ModulusFactor]
<Int>] [-ExactLength <Switch>] [[-ConnectionTimeout] <Int>] [[-CommandTimeout] <Int>] [[-DictionaryFilePath]
<System.String[]>] [[-DictionaryExportPath] <String>] [-EnableException <Switch>] [<CommonParameters>]
DESCRIPTION
TMasks data by using randomized values determined by a configuration file and a randomizer framework
It will use a configuration file that can be made manually or generated using New-DbaDbMaskingConfig
Note that the following column and data types are not currently supported:
Identity
ForeignKey
Computed
Hierarchyid
Geography
Geometry
Xml
PARAMETERS
-CharacterString [<String>]
The characters to use in string data. 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789' by
default
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Column [<System.String[]>]
Columns to process. By default all the columns will be processed
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-CommandTimeout [<Int>]
Timeout for the database connection in seconds. Default is 300.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ConnectionTimeout [<Int>]
Timeout for the database connection in seconds. Default is 0
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Database [<System.String[]>]
Databases to process through
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-DictionaryExportPath [<String>]
Export the dictionary to the given path. Naming convention will be
[computername]_[instancename]_[database]_Dictionary.csv
Be careful with this feature, this export is the key to get the original values which is a security risk!
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-DictionaryFilePath [<System.String[]>]
Import the dictionary to be used in in the database masking
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-EnableException [<Switch>]
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables
advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own
try/catch.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ExactLength [<Switch>]
Mask string values to the same length. So 'Tate' will be replaced with 4 random characters.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ExcludeColumn [<System.String[]>]
Exclude specific columns even if it's listed in the config file.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ExcludeTable [<System.String[]>]
Exclude specific tables even if it's listed in the config file.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-FilePath [<System.Object>]
Configuration file that contains the which tables and columns need to be masked
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Locale [<String>]
Set the local to enable certain settings in the masking
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-MaxValue [<Int>]
Force a max length of strings instead of relying on datatype maxes. Note if a string datatype has a lower
MaxValue, that will be used instead.
Useful for adhoc updates and testing, otherwise, the config file should be used.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ModulusFactor [<Int>]
Calculating the next nullable by using the remainder from the modulus. Default is every 10.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Query [<String>]
If you would like to mask only a subset of a table, use the Query parameter, otherwise all data will be masked.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlCredential [<Pscredential>]
Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory -
Integrated are all supported.
For MFA support, please use Connect-DbaInstance.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlInstance [<Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>]
The target SQL Server instance or instances.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Table [<System.String[]>]
Tables to process. By default all the tables will be processed
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
Tags: Masking, DataMasking
Author: Sander Stad (@sqlstad, sqlstad.nl) | Chrissy LeMaire (@cl, netnerds.net)
Website: https://dbatools.io
Copyright: (c) 2018 by dbatools, licensed under MIT
License: MIT https://opensource.org/licenses/MIT
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Invoke-DbaDbDataMasking -SqlInstance SQLDB2 -Database DB1 -FilePath C:\\Temp\\sqldb1.db1.tables.json
Apply the data masking configuration from the file "sqldb1.db1.tables.json" to the db1 database on sqldb2. Prompt
for confirmation for each table.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Get-ChildItem -Path C:\\Temp\\sqldb1.db1.tables.json | Invoke-DbaDbDataMasking -SqlInstance SQLDB2 -Database
DB1 -Confirm:$false
Apply the data masking configuration from the file "sqldb1.db1.tables.json" to the db1 database on sqldb2. Do not
prompt for confirmation.
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>New-DbaDbMaskingConfig -SqlInstance SQLDB1 -Database DB1 -Path C:\\Temp\\clone -OutVariable file
$file | Invoke-DbaDbDataMasking -SqlInstance SQLDB2 -Database DB1 -Confirm:$false
Create the data masking configuration file "sqldb1.db1.tables.json", then use it to mask the db1 database on
sqldb2. Do not prompt for confirmation.
-------------------------- EXAMPLE 4 --------------------------
PS C:\\>Get-ChildItem -Path C:\\Temp\\sqldb1.db1.tables.json | Invoke-DbaDbDataMasking -SqlInstance SQLDB2, sqldb3
-Database DB1 -Confirm:$false
See what would happen if you the data masking configuration from the file "sqldb1.db1.tables.json" to the db1
database on sqldb2 and sqldb3. Do not prompt for confirmation.
RELATED LINKS
https://dbatools.io/Invoke-DbaDbDataMasking
SYNOPSIS
Masks data by using randomized values determined by a configuration file and a randomizer framework
SYNTAX
Invoke-DbaDbDataMasking [[-SqlInstance] <Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>]
[[-SqlCredential] <Pscredential>] [[-Database] <System.String[]>] [-FilePath] <System.Object> [[-Locale] <String>]
[[-CharacterString] <String>] [[-Table] <System.String[]>] [[-Column] <System.String[]>] [[-ExcludeTable]
<System.String[]>] [[-ExcludeColumn] <System.String[]>] [[-Query] <String>] [[-MaxValue] <Int>] [[-ModulusFactor]
<Int>] [-ExactLength <Switch>] [[-ConnectionTimeout] <Int>] [[-CommandTimeout] <Int>] [[-DictionaryFilePath]
<System.String[]>] [[-DictionaryExportPath] <String>] [-EnableException <Switch>] [<CommonParameters>]
DESCRIPTION
TMasks data by using randomized values determined by a configuration file and a randomizer framework
It will use a configuration file that can be made manually or generated using New-DbaDbMaskingConfig
Note that the following column and data types are not currently supported:
Identity
ForeignKey
Computed
Hierarchyid
Geography
Geometry
Xml
PARAMETERS
-CharacterString [<String>]
The characters to use in string data. 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789' by
default
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Column [<System.String[]>]
Columns to process. By default all the columns will be processed
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-CommandTimeout [<Int>]
Timeout for the database connection in seconds. Default is 300.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ConnectionTimeout [<Int>]
Timeout for the database connection in seconds. Default is 0
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Database [<System.String[]>]
Databases to process through
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-DictionaryExportPath [<String>]
Export the dictionary to the given path. Naming convention will be
[computername]_[instancename]_[database]_Dictionary.csv
Be careful with this feature, this export is the key to get the original values which is a security risk!
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-DictionaryFilePath [<System.String[]>]
Import the dictionary to be used in in the database masking
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-EnableException [<Switch>]
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables
advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own
try/catch.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ExactLength [<Switch>]
Mask string values to the same length. So 'Tate' will be replaced with 4 random characters.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ExcludeColumn [<System.String[]>]
Exclude specific columns even if it's listed in the config file.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ExcludeTable [<System.String[]>]
Exclude specific tables even if it's listed in the config file.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-FilePath [<System.Object>]
Configuration file that contains the which tables and columns need to be masked
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Locale [<String>]
Set the local to enable certain settings in the masking
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-MaxValue [<Int>]
Force a max length of strings instead of relying on datatype maxes. Note if a string datatype has a lower
MaxValue, that will be used instead.
Useful for adhoc updates and testing, otherwise, the config file should be used.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ModulusFactor [<Int>]
Calculating the next nullable by using the remainder from the modulus. Default is every 10.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Query [<String>]
If you would like to mask only a subset of a table, use the Query parameter, otherwise all data will be masked.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlCredential [<Pscredential>]
Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory -
Integrated are all supported.
For MFA support, please use Connect-DbaInstance.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlInstance [<Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>]
The target SQL Server instance or instances.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Table [<System.String[]>]
Tables to process. By default all the tables will be processed
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
Tags: Masking, DataMasking
Author: Sander Stad (@sqlstad, sqlstad.nl) | Chrissy LeMaire (@cl, netnerds.net)
Website: https://dbatools.io
Copyright: (c) 2018 by dbatools, licensed under MIT
License: MIT https://opensource.org/licenses/MIT
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Invoke-DbaDbDataMasking -SqlInstance SQLDB2 -Database DB1 -FilePath C:\\Temp\\sqldb1.db1.tables.json
Apply the data masking configuration from the file "sqldb1.db1.tables.json" to the db1 database on sqldb2. Prompt
for confirmation for each table.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Get-ChildItem -Path C:\\Temp\\sqldb1.db1.tables.json | Invoke-DbaDbDataMasking -SqlInstance SQLDB2 -Database
DB1 -Confirm:$false
Apply the data masking configuration from the file "sqldb1.db1.tables.json" to the db1 database on sqldb2. Do not
prompt for confirmation.
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>New-DbaDbMaskingConfig -SqlInstance SQLDB1 -Database DB1 -Path C:\\Temp\\clone -OutVariable file
$file | Invoke-DbaDbDataMasking -SqlInstance SQLDB2 -Database DB1 -Confirm:$false
Create the data masking configuration file "sqldb1.db1.tables.json", then use it to mask the db1 database on
sqldb2. Do not prompt for confirmation.
-------------------------- EXAMPLE 4 --------------------------
PS C:\\>Get-ChildItem -Path C:\\Temp\\sqldb1.db1.tables.json | Invoke-DbaDbDataMasking -SqlInstance SQLDB2, sqldb3
-Database DB1 -Confirm:$false
See what would happen if you the data masking configuration from the file "sqldb1.db1.tables.json" to the db1
database on sqldb2 and sqldb3. Do not prompt for confirmation.
RELATED LINKS
https://dbatools.io/Invoke-DbaDbDataMasking