-
Notifications
You must be signed in to change notification settings - Fork 403
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(data_masking): add new sensitive data masking utility #2197
Conversation
Thanks a lot for your first contribution! Please check out our contributing guidelines and don't hesitate to ask whatever you need. |
Hi @seshubaws! Thank you so much for submitting this PR and for all the work put into it, this feature is a real improvement on the project as we certainly have a lot of customers who want it. The CI is failing for some reason that I haven't looked into yet, but at this point I see room for us to improve on the following and make the developer/user experience even better:
I'm really excited to move forward with this PR. Would you rather I convert the draft to "Ready" and push some commits, or do I review and make some suggestions for you to work on? |
Hey @leandrodamascena, thanks for the comments! I just got back from PTO, I'll start working on revising this to be in smaller files like base.py, provider.py, etc. but you can convert this draft to Ready and push some commits as well! |
Hey all, I'm running into some confusing when trying to mock tests for the AWS Encryption SDK. I tried using Stubber to stub a KMS key, but the encryption SDK doesn’t accept that mock key to actually encrypt anything, and Stubber doesn't accept the SDK as a client since it’s not an AWS service, just an SDK. Are there are any examples on how to mock this SDK? Outside sources say try using the moto library, but I don't want to bring in more dependencies unless strictly necessary. @heitorlessa @rubenfonseca any thoughts on this? |
…from AWS SDK Encryption lib
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## develop #2197 +/- ##
===========================================
- Coverage 96.13% 95.88% -0.26%
===========================================
Files 186 193 +7
Lines 8131 8241 +110
Branches 1525 1536 +11
===========================================
+ Hits 7817 7902 +85
- Misses 252 276 +24
- Partials 62 63 +1 ☔ View full report in Codecov by Sentry. |
Kudos, SonarCloud Quality Gate passed! |
Hello @justinhauer! We are merging this PR today and hope to release this feature in our next release - next week. We still have some work to do, mainly on the documentation side, but this is one of the main Powertools news this year and I'm happy that you already have some cases to use it! As soon as we officially release this utility, I will ping you. Thanks |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @seshubaws, I have no words to describe the amount of great work you've done here. Implementing a utility that handles encryption, keys, key material, and a complex SDK is not simple at all!
I'm approving this PR and let start writing the documentation. We will probably detect some user experience improvements, but they are more cosmetic changes than logical ones.
This is AWESOME - echoing what Leandro said about the effort. I know we'll make more internal changes to get to an unwritten standard yet but that shouldn't be a blocking factor. A few major pieces we should handle in a separate PR before we release this feature:
|
Forgot two things.. @leandrodamascena we're gonna need a new label for this new feature to track future changes (changelog, issues, effort, etc.), and update our issue template as well as workflow that labels PRs based on title ;) @seshubaws you took one of the hardest roadmap items and I can't begin to appreciate your resiliency throughout this long review cycle. I hope you learned a thing or two along the way too <3 Merging.. |
|
Awesome work, congrats on your first merged pull request and thank you for helping improve everyone's experience! |
This is great, thank you and others for all the great work in this project. |
Issue number:
#1858
Summary
Changes
As per the above RFC and this issue: #1173, this is the initial PR for adding a data masker for sensitive information like PII into Powertools.
This feature is meant to mask, encrypt, and decrypt any and all data types entirely, or if provided a list of keys for a given dictionary (even nested keys), it has the ability to mask, encrypt, and decrypt the corresponding values in the dictionary.
In this PR, there are additions for:
NOTE: Measured latency for encrypting and decrypting nested fields in a 10KB json blob, came out to 5ms.
User experience
This would be a new feature, so before a user would have to implement this logic themselves.
AFTER
Checklist
If your change doesn't seem to apply, please leave them unchecked.
Is this a breaking change?
RFC issue number:
Checklist:
Acknowledgment
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.