Data Masking (GDPR)
ProSanitize personally identifiable information (PII) like emails, SSNs, credit cards, or custom fields from request logs at the edge before storage.
Keep Logs GDPR and HIPAA Compliant
Logs are essential for debugging, but storing user passwords, authentication headers, emails, or medical data poses compliance risks. Data Masking filters request queries, request bodies, response bodies, and headers at the edge node, replacing sensitive fields with placeholders before logs are committed to disk.
Dashboard Setup & Configuration
Configure GDPR Data Masking rules directly in the EdgeWrap Dashboard:
- Navigate to your project in the dashboard at
https://app.edgewrap.pro. - Go to the Security page and select the Data Masking tab.
- Click the Add Privacy Mask button.
- Define the Path Pattern: (e.g.
/api/v1/users/*). - Enter the JSON Field Name: the target key in request or response JSON payloads to sanitize (e.g.,
password,email). - Select the Mask Type:
- Redact All: Replaces the value entirely with a generic redaction label.
- Strip Field: Deletes the key-value pair from the log object.
- SHA-256 Hash: Encrypts the value using SHA-256 (useful for checking duplicates without saving plaintext).
- Partial Reveal: Masks the middle characters but leaves the starting/ending characters visible (e.g., for credit cards or phone numbers).
- Toggle the rule to Enabled and click Save Mask.
API Configuration
Alternatively, you can manage your Data Masking rules programmatically:
| Param | Type | Description |
|---|---|---|
| pathPattern | string | Glob path pattern to apply masking to. |
| jsonFieldName | string | JSON field key name in payloads to scan and mask. |
| maskType | enum | redact_all | strip_field | sha256_hash | partial_reveal_ends |
| isEnabled | boolean | Whether the mask rule is active.(default: true) |
Configure log masking rules via API
curl -X POST https://server.edgewrap.pro/v1/projects/prj_01jxyz/privacy/masking \
-H "Authorization: Bearer <your_session_token>" \
-H "Content-Type: application/json" \
-d '{
"pathPattern": "/api/v1/users/*",
"jsonFieldName": "email",
"maskType": "sha256_hash",
"isEnabled": true
}'Note: Data masking is executed inside the edge proxy memory buffer and only affects saved analytics logs. The request payload forwarded to your origin server remains untouched.