Data Masking in AssignMessage Policy


I have successfully implemented data masking for the password variable in one of my APIs. However, I have one step in my flow that displays the full body of my request content via an AssignMessage policy. When I validate my trace session data, I see that in the output of that step, the data is not masked for that variable. Is there a way to mask that variable in this debug step (AssignMessage)?

Thanks


@Nafis Patel, welcome to Apigee Community 🙂 Is your request JSON / XML? Did you get a chance to refer to the documentation here?

Yes, and in my debug session I am able to see the following:

<Point id="DebugMask">
  <DebugInfo>
    <Timestamp>13-10-15 21:21:44:468</Timestamp>
    <Properties>
      <Property name="SuccessFullyMaskedConfigs">[xxxnumber, $.xxxNumber, $.xxxNumber]</Property>
    </Properties>
  </DebugInfo>
</Point>

The request is JSON.

But in one of the AssignMessage policies, which actually prints the full message body, xxxNumber is not masked. That is the only place it is not masked.

sarthak
Participant V

Hi @Nafis Patel, Data Masking is for masking the data only at Trace. It is not actually encrypting/masking the data.

So if the specific data which you are outputting via Trace is not masked, it will be visible in Trace.

If you need to encrypt the data, I would suggest doing that using one of the extension languages like Java/Python etc.

Hi @Nafis Patel,

As @sarthak has mentioned, the masking functionality only masks the data displayed in trace. The actual data is still assigned to those variables. Another point is that data is masked only for the specified variable. In case the data has been copied to multiple variables, all such variables need to be specified.

For printing / logging such variables, create a temporary variable, assign that specific variable as "******" and log this newly created variable.

Cheers, Rajesh Doda

@rdoda @sarthak

My requirement is to mask data, not encrypt it. I like @rdoda's approach better and I think it should work. Will try it out and update.

Thanks

@rdoda Consider the following code in an AssignMessage policy.

<AssignVariable>
  <Name>debug.request</Name>
  <Value/>
  <Ref>request.content</Ref>
</AssignVariable>

At this point request.content is a JSON payload which contains the key that I want to mask. That key has the same name that I have defined in my data mask configuration. In other places during the flow, that variable key is correctly masked in trace. But in the trace session, debug.request is showing the full JSON value where that key is not masked. Can you think of any way to define a mask configuration that can mask debug.request.xxxNumber? I obviously tried this in my mask configuration:

<JSONPathRequest>$.debug.request.xxxNumber</JSONPathRequest>

Thanks
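
One way to apply the temporary-variable approach suggested earlier in the thread to the debug.request case, as an added example that is not code from any poster here: a function for an Apigee JavaScript policy that writes a redacted copy of request.content to debug.request instead of the raw body. The key list, the mask string and the function names are assumptions; `context.getVariable` and `context.setVariable` are the JavaScript policy's variable accessors.

```javascript
// Added example: build a redacted copy of a JSON payload for debug output.
// SENSITIVE_KEYS, MASK and the function names are assumptions for illustration.
var SENSITIVE_KEYS = ['xxxNumber', 'password'];
var MASK = '******';

// Recursively copy a parsed JSON value, replacing the value of any
// sensitive key (matched case-insensitively, at any depth) with MASK.
function redactValue(value, keys) {
  if (Array.isArray(value)) {
    return value.map(function (item) { return redactValue(item, keys); });
  }
  if (value !== null && typeof value === 'object') {
    var copy = {};
    Object.keys(value).forEach(function (k) {
      copy[k] = keys.indexOf(k.toLowerCase()) !== -1
        ? MASK
        : redactValue(value[k], keys);
    });
    return copy;
  }
  return value; // strings, numbers, booleans and null pass through
}

// Returns a redacted JSON string. The raw input is never returned.
function redactPayload(jsonText, sensitiveKeys) {
  var keys = sensitiveKeys.map(function (k) { return k.toLowerCase(); });
  try {
    return JSON.stringify(redactValue(JSON.parse(jsonText), keys));
  } catch (e) {
    // Unparseable body: fail closed rather than echo it into the debug variable.
    return '[unparseable payload withheld]';
  }
}

// Inside an Apigee JavaScript policy the `context` object is available;
// elsewhere (for example Node.js) this branch is skipped.
if (typeof context !== 'undefined') {
  context.setVariable('debug.request',
    redactPayload(context.getVariable('request.content'), SENSITIVE_KEYS));
}
```

Because the copy is redacted before it is assigned, debug.request never holds the sensitive value, so it does not depend on a mask configuration entry matching the copied variable.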