ansible-anonymizer

1.5.0last stable release 1 year ago
Complexity Score
Low
Open Issues
0
Dependent Projects
0
Weekly Downloadsglobal
1,156

Keywords

License

  • Apache-2.0
    • Yesattribution
    • Permissivelinking
    • Permissivedistribution
    • Permissivemodification
    • Yespatent grant
    • Yesprivate use
    • Permissivesublicensing
    • Notrademark grant

Downloads

Readme

========== Anonymizer

.. image:: https://img.shields.io/pypi/v/ansible-anonymizer.svg :target: https://pypi.python.org/pypi/ansible-anonymizer .. image:: https://github.com/ansible/anonymizer/actions/workflows/tox.yml/badge.svg :target: https://github.com/ansible/anonymizer/actions

Library to clean up Ansible tasks from any Personally Identifiable Information (PII)

  • Free software: Apache Software License 2.0

Anonymized fields

  • Credit Card number
  • email address
  • IP address
  • MAC address
  • US SSN
  • US phone number
  • YAML comment
  • password value, when the field name is identified as being sensitive
  • user name from home directory path

Usage

The library can be used to remove the PII from a multi level structure:

.. code-block:: python

from ansible_anonymizer.anonymizer import anonymize_struct

example = [{"name": "foo bar", "email": "my-email@address.com"}]

anonymize_struct(example)
# [{'name': 'foo bar', 'email': 'noah2@example.com'}]

But you can also anonymize a block of text:

.. code-block:: python

from ansible_anonymizer.anonymizer import anonymize_text_block

some_text = """
- name: a task
  a_module:
    secret: foobar
"""

anonymize_text_block(some_text)
# '\n- name: a task\n  a_module:\n    secret: "{{ secret }}"\n'

You can also use the ansible-anonymizer command:

.. code-block:: console

ansible-anonymizer my-secret-file

Customize the anonymized strings

By default, the variables are anonymized with a string based on the name of the field. You can customize it with the value_template parameter:

.. code-block:: python

from ansible_anonymizer.anonymizer import anonymize_struct
from string import Template

original = {"password": "$RvEDSRW#R"}
value_template = Template("_${variable_name}_")
anonymize_struct(original, value_template=value_template)
#  {'password': '_password_'}

Limitations

  • anonymize_text_block() relies on its own text parser which only support a subset of YAML features. Because of this, it may not be able to identify some PII. When possible, use anonymize_struct which accepts a Python structure instead.
  • The Anonymizer is not a silver bullet and it’s still possible to see PII going through the filters.

Dependencies

CVE IssuesActive
0
Scorecards Score
No Data
Test Coverage
No Data
Follows Semver
Yes
Github Stars
4
Dependenciestotal
1
DependenciesOutdated
0
DependenciesDeprecated
0
Threat Modelling
No
Repo Audits
No

Learn how to distribute ansible-anonymizer in your own private PyPI registry

pip install ansible-anonymizer
Processing...
Done
Start your free trial

17 Releases

PyPI on Cloudsmith

Getting started with PyPI on Cloudsmith is fast and easy.

Learn more about PyPI on Cloudsmith
View the Cloudsmith + Python Docs