Edge Delta Mask Node

Mask values in logs using the Edge Delta Mask Node.

Overview

The mask node replaces values that match a regex pattern with a set of characters such as ******. You can use it to obfuscate sensitive data.

Example Configuration

In the following configuration, the capture group named pw will be replaced with the characters specified in mask: "******".

nodes:
  - name: mask_password
    type: mask
    pattern: 'password:\s*(?P<pw>\w+)'
    capture_group_masks:
      - capture_group: pw
        mask: "******"

Required Parameters

name

A descriptive name for the node. This is the name that will appear in Visual Pipelines and you can reference this node in the yaml using the name. It must be unique across all nodes. It is a yaml list element so it begins with a - and a space followed by the string. It is a required parameter for all nodes.

nodes:
  - name: <node name>
    type: <node type>

type: log_to_pattern

The type parameter specifies the type of node being configured. It is specified as a string from a closed list of node types. It is a required parameter.

nodes:
  - name: <node name>
    type: <node type>

pattern

The pattern parameter is used to identify the values that should be masked. It is specified as a regex pattern string. A pattern or a predefined_pattern is required.

nodes:
  - name: <node name>
    type: mask
    pattern: <regex pattern>

Optional Parameters

mask

The mask parameter is used to define the characters that should be used to obfuscate the masked data. It is specified as a string and the default is ******. It is optional.

nodes:
  - name: <node name>
    type: mask
    pattern: <regex pattern>
    mask: <masking characters>

capture_group_masks

The capture_group_masks parameter is used to replace any match of a capture group with a given map. It is specified with a child parameter for each group specifying the capture_group and a mask for the group. It is optional.

nodes:
  - name: mask_password
    type: mask
    pattern: 'password:\s*(?P<pw>\w+)'
    capture_group_masks:
      - capture_group: pw
        mask: "******"