A command-line tool for using the Anon AI web service.
The Anon AI Toolbelt is a command line interface (CLI) tool for managing and anonymising data with the Anon AI web service.
Install using pip into a Python3 environment:
pip install anon-ai-toolbelt
Note that the toolbelt only works with Python3 and installs dependencies including the Python Cryptography Toolkit.
The primary workflow is for a data controller to push data into the system and then for data processors to pull the data down in anonymised form.
Login with your API credentials (writes to ~/.config/anon.ai/config.json):
anon login > key: ... > secret: ...
Push a data snapshot up to ingest and store it.
anon push foo.dump mydb
When ingesting structured data you should specify the data format:
anon push foo.dump mydb --format postgres
In this example, mydb is an arbitrary resource name that you use to identify this ingested data source. Subsequent pushes to the same name are usually used to store a new snapshot of the same file or database.
The stored data is encrypted using AES-256 with a per-account encryption key that lives in (and never leaves) a secure vault. You can also optionally provide your own encryption key:
anon push foo.dump mydb --encryption-key LONG_RANDOM_STRING
- your encryption key is never persisted in our system – so you have to manage it and give it to any users that you want to share anonymised data with
- there’s no strict requirement on length or format for your encryption key value (we SHA-256 hash it along with your per-account encryption key) but we recommend at least 16 bytes entropy
Pull down an anonymised copy of an ingested data snapshot:
anon pull mydb foo.dump
Optionally provide an encryption key (to decrypt the stored data with) and / or configure how you’d like it anonymised:
anon pull mydb foo.dump --config config.json --encryption-key ...
Pipe data through to anonymise it:
anon pipe http://humanstxt.org/humans.txt /tmp/humans.anon.txt
This parses, analyses and anonymises the data on the fly, i.e.: without persisting it. The data source must currently be a URL.
You can pull specific snapshot versions by targeting them by name:
anon pull mydb --snapshot someid
You can also push snapshots up with a specific name:
anon push foo.sql mydb --snapshot someid
Enable bash completion by adding the following to your .bashrc:
eval "$(_ANON_COMPLETE=source anon)"
If you use zsh, you can emulate bash completion by first adding bashcompinit to your .zshrc:
autoload bashcompinit bashcompinit eval "$(_ANON_COMPLETE=source anon)"
For more information see Anon AI.