No description
Find a file
2024-02-01 09:19:37 -05:00
.github Configure sonarcloud 2023-08-14 14:07:16 +02:00
ansible_anonymizer bump the version to 1.5.0 2024-02-01 09:19:37 -05:00
tests handle multiline blocks 2024-02-01 07:49:24 -05:00
.editorconfig import of the skeleton 2023-03-10 09:59:31 -05:00
.gitignore import of the skeleton 2023-03-10 09:59:31 -05:00
.gitleaks.toml .gitleaks.toml: add a missing comma 2023-05-24 18:21:23 -04:00
.pre-commit-config.yaml generalize the use of hide_secrets() 2023-06-13 12:46:54 -04:00
CHANGELOG.rst prepare 1.5.0 release 2024-02-01 08:55:19 -05:00
CONTRIBUTING.rst rename the package to ansible_anonymizer 2023-03-23 11:06:37 -04:00
HISTORY.rst remove the docs/ directory 2023-03-10 09:59:31 -05:00
LICENSE flake8/pylint/import order 2023-03-22 11:51:52 -04:00
MANIFEST.in MANIFEST.in: clean up some unused files 2023-04-05 14:12:56 -04:00
pyproject.toml tox: add a target for pyright 2024-02-01 08:43:09 -05:00
README.rst README: list the fields that anonymized 2023-08-14 14:07:34 +02:00
sonar-project.properties fail sonarcloud check on quality gate 2023-08-24 12:41:22 +02:00
tox.ini tox: add a target for pyright 2024-02-01 08:43:09 -05:00

==========
Anonymizer
==========


.. image:: https://img.shields.io/pypi/v/ansible-anonymizer.svg
        :target: https://pypi.python.org/pypi/ansible-anonymizer
.. image:: https://github.com/ansible/anonymizer/actions/workflows/tox.yml/badge.svg
        :target: https://github.com/ansible/anonymizer/actions



Library to clean up Ansible tasks from any Personally Identifiable Information (PII)


* Free software: Apache Software License 2.0

Anonymized fields
-----------------

- Credit Card number
- email address
- IP address
- MAC address
- US SSN
- US phone number
- YAML comment
- password value, when the field name is identified as being sensitive
- user name from home directory path

Usage
-----

The library can be used to remove the PII from a multi level structure:

.. code-block:: python

    from ansible_anonymizer.anonymizer import anonymize_struct

    example = [{"name": "foo bar", "email": "my-email@address.com"}]

    anonymize_struct(example)
    # [{'name': 'foo bar', 'email': 'noah2@example.com'}]

But you can also anonymize a block of text:

.. code-block:: python

    from ansible_anonymizer.anonymizer import anonymize_text_block

    some_text = """
    - name: a task
      a_module:
        secret: foobar
    """

    anonymize_text_block(some_text)
    # '\n- name: a task\n  a_module:\n    secret: "{{ secret }}"\n'

You can also use the ``ansible-anonymizer`` command:

.. code-block:: console

   ansible-anonymizer my-secret-file

Customize the anonymized strings
================================

By default, the variables are anonymized with a string based on the name of the field.
You can customize it with the ``value_template`` parameter:

.. code-block:: python

    from ansible_anonymizer.anonymizer import anonymize_struct
    from string import Template

    original = {"password": "$RvEDSRW#R"}
    value_template = Template("_${variable_name}_")
    anonymize_struct(original, value_template=value_template)
    #  {'password': '_password_'}


Limitations
-----------

- ``anonymize_text_block()`` relies on its own text parser which only support a subset of YAML features. Because of this, it may not be able to identify some PII. When possible, use ``anonymize_struct`` which accepts a Python structure instead.
- The Anonymizer is not a silver bullet and it's still possible to see PII going through the filters.