我的书签
添加书签
移除书签Field masking
Field masking works alongside field-level security on the same per-role, per-index basis. You can allow certain roles to see sensitive fields in plain text and mask them for others. A search result with a masked field might look like this:
You set the salt (a random string used to hash your data) in :
You configure field masking using OpenSearch Dashboards, roles.yml, or the REST API.
- Choose a role.
- Choose an index permission.
- For Anonymization, specify one or more fields and press Enter.
See Create role.
To specify a different algorithm, add it after the masked field:
Rather than creating a hash, you can use one or more regular expressions and replacement strings to mask a field. The syntax is . If you use multiple regular expressions, the results are passed from left to right, like piping in a shell:
The read history feature lets you track read access to sensitive fields in your documents. For example, you might track access to the email field of your customer records. Access to masked fields are excluded from read history, because the user only saw the hash value, not the clear text value of the field.
