Ansible Anonymizer
Project description
Library to clean up Ansible tasks from any Personally Identifiable Information (PII)
Free software: Apache Software License 2.0
Anonymized fields
Credit Card number
email address
IP address
MAC address
US SSN
US phone number
YAML comment
password value, when the field name is identified as being sensitive
user name from home directory path
Usage
The library can be used to remove the PII from a multi level structure:
from ansible_anonymizer.anonymizer import anonymize_struct
example = [{"name": "foo bar", "email": "my-email@address.com"}]
anonymize_struct(example)
# [{'name': 'foo bar', 'email': 'noah2@example.com'}]
But you can also anonymize a block of text:
from ansible_anonymizer.anonymizer import anonymize_text_block
some_text = """
- name: a task
a_module:
secret: foobar
"""
anonymize_text_block(some_text)
# '\n- name: a task\n a_module:\n secret: "{{ secret }}"\n'
You can also use the ansible-anonymizer command:
ansible-anonymizer my-secret-file
Customize the anonymized strings
By default, the variables are anonymized with a string based on the name of the field. You can customize it with the value_template parameter:
from ansible_anonymizer.anonymizer import anonymize_struct
from string import Template
original = {"password": "$RvEDSRW#R"}
value_template = Template("_${variable_name}_")
anonymize_struct(original, value_template=value_template)
# {'password': '_password_'}
Limitations
anonymize_text_block() relies on its own text parser which only support a subset of YAML features. Because of this, it may not be able to identify some PII. When possible, use anonymize_struct which accepts a Python structure instead.
The Anonymizer is not a silver bullet and it’s still possible to see PII going through the filters.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for ansible_anonymizer-1.5.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 756501ee757d8efcb16340260952b7726a413521b006f30d0706b5bec807d74c |
|
MD5 | a28d119a8ee6ca921429999946e403d9 |
|
BLAKE2b-256 | 56911b7e0dd4ae4f7579f607e5fd71d226cb9faaf5298f8dbdc5b5641d8476fa |