Skip to content

Sanitization policies

Skpr provides automated database backup & imaging tools using our MySQL Toolkit

Using environment configuration, you can configure how backups and images can be sanitized.

Methods

Profiles

Profiles are predefined rules curated by the Skpr platform team, which you can applied to your project.

Example

services:
  mysql:
    default:
      sanitize:
        backup:
          policy: drupal
        image:
          policy: drupal

Custom rules

There are 4 ways to customise this in your environment configuration:

  • nodata - A list of tables to only export the structure of, ignoring any data.
  • ignore - Tables to ignore entirely.
  • rewrite - Rewrite rules to apply to the tables, i.e username or email sanitization.
  • where - Conditional row rules to filter rows.

These rules can be optionally applied to the backup or image section under sanitize.

Example

services:
  mysql:
    default:
      sanitize:
        backup:
          rules:
            nodata:
              - table_with_structure_only_please
              - yeah_do_this_one_too
            ignore:
              - ignore_this_table
              - and_this_one
            rewrite:
              accounts:
                email: concat(id, "@sanitized")
                password: '"SANITIZED_PASSWORD"'
            where:
              some_table: revision_id IN (SELECT revision_id FROM another_table)

You can change these defaults by adding and modifying configuration found below to .skpr/defaults.yml or to the configuration file for each environment.

Available Profile(s)

Drupal

By default, our Drupal policy will automatically be applied to all of Drupal's MySQL images when they are created. This can happen when a developer triggers this process using skpr mysql image create or when the image schedule creates it. This policy will not automatically be applied to your backup.

---
nodata:
  - "cache*"
  - "captcha_sessions"
  - "history"
  - "flood"
  - "batch"
  - "queue"
  - "sessions"
  - "semaphore"
  - "search_api_task"
  - "search_dataset"
  - "search_index"
  - "search_total"
  - "webform_submission"
  - "webform_submission_data"
  - "webform_submission_log"
ignore: 
  - "__ACQUIA_MONITORING__"
rewrite:
  # Drupal 8.
  - users_field_data:
      mail: "concat(uid, \"@localhost\")"
      pass: "\"password\""
  # Drupal 7.
  - users: 
      mail: "concat(uid, \"@localhost\")"
      init: "concat(uid, \"@localhost\")"
      pass: "\"password\""

More Information