Data masking concepts, methods, and types
Use HCL OneTest™ API to add a data mask to particular fields in recorded messages that may contain sensitive data. When you add a mask, you prevent that sensitive data from appearing in any assets created from those messages, such as tests, test data, stubs, and data models.
Data masking in HCL OneTest™ API is a form of data substitution. You replace data in specified fields with other non-sensitive versions of that data. Replacement values can be generated in a number of ways and HCL OneTest™ API will ensure that these replacement values are used consistently within your project.
Consider the example of an airline booking system that passes credit card numbers among different services. If you are using dummy data to test the booking system, visibility of certain data may not matter. However, if you are creating a test data set from data recording in a production system, the inclusion of certain real data, such as credit card numbers, could be a problem.
Data masking concepts
The following table outlines key data masking concepts in HCL OneTest™ API.
Concept | Description |
---|---|
Integrity |
Integrity provides you with the capability to replace data in a masked field consistently across multiple messages and message types within a HCL OneTest™ API user interface session. Consider the following scenario:
|
Integrity map |
When the Recording Studio perspective is used with data masks, the value in a message and a corresponding label is examined to determine whether this combination has been masked already:
|
Data masking methods
HCL OneTest™ API supports the following methods of replacing data in fields.
Method | Description |
---|---|
Fixed value substitution |
This is a simple and straightforward method where you enter a value to mask the "real value" of a field. The value will replace any data recorded for that field. |
Data source substitution |
This method uses a reference to a data source, such as a Microsoft™ Excel spreadsheet or a .csv file, to supply a list of values that can be used to replace recorded data. This method can be configured
to allow substitutions in either of the following two ways:
The default behavior of this method is as follows:
|
Automatic value creation |
This method involves creating a regular expression (Regex) or using an existing one, which HCL OneTest™ API uses to create new values that match that expression. For example, to replace a credit card number, you can specify that a Regex generates a new 16-digit number. As with data source substitution, this method can be set up to maintain data integrity by ensuring that the same original values are always replaced with the same substitutions every time. |
Data mask types
- A schema specific data masks applies when recording messages that are known to be from a particular schema.
- In contrast, creating a non-schema specific data mask involves defining a rule or path that is matched across all message elements.
The following table outlines which perspectives and views in HCL OneTest™ API are used to create, view, modify, and delete schema specific and non-schema specific data masks.
Perspective, view | Schema specific | Non-schema specific |
---|---|---|
Architecture School, Schema Library |
Create, view, modify, delete |
(Not applicable) |
Architecture School, Rule Cache |
(Not applicable) |
View, modify, delete |
Recording Studio |
Create, view, delete |
Create, view, delete |