Skip to main content

Ansible Anonymizer

Project description

https://img.shields.io/pypi/v/ansible-anonymizer.svg https://github.com/ansible/anonymizer/actions/workflows/tox.yml/badge.svg

Library to clean up Ansible tasks from any Personally Identifiable Information (PII)

  • Free software: Apache Software License 2.0

Anonymized fields

  • Credit Card number

  • email address

  • IP address

  • MAC address

  • US SSN

  • US phone number

  • YAML comment

  • password value, when the field name is identified as being sensitive

  • user name from home directory path

Usage

The library can be used to remove the PII from a multi level structure:

from ansible_anonymizer.anonymizer import anonymize_struct

example = [{"name": "foo bar", "email": "my-email@address.com"}]

anonymize_struct(example)
# [{'name': 'foo bar', 'email': 'noah2@example.com'}]

But you can also anonymize a block of text:

from ansible_anonymizer.anonymizer import anonymize_text_block

some_text = """
- name: a task
  a_module:
    secret: foobar
"""

anonymize_text_block(some_text)
# '\n- name: a task\n  a_module:\n    secret: "{{ secret }}"\n'

You can also use the ansible-anonymizer command:

ansible-anonymizer my-secret-file

Customize the anonymized strings

By default, the variables are anonymized with a string based on the name of the field. You can customize it with the value_template parameter:

from ansible_anonymizer.anonymizer import anonymize_struct
from string import Template

original = {"password": "$RvEDSRW#R"}
value_template = Template("_${variable_name}_")
anonymize_struct(original, value_template=value_template)
#  {'password': '_password_'}

Limitations

  • anonymize_text_block() relies on its own text parser which only support a subset of YAML features. Because of this, it may not be able to identify some PII. When possible, use anonymize_struct which accepts a Python structure instead.

  • The Anonymizer is not a silver bullet and it’s still possible to see PII going through the filters.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ansible-anonymizer-1.5.0.tar.gz (23.9 kB view hashes)

Uploaded Source

Built Distribution

ansible_anonymizer-1.5.0-py3-none-any.whl (13.6 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page