DataVeil home

Home    Table of Contents

Getting Started with DataVeil Data Masking

Please note:

* You can watch video demonstrations of DataVeil at

* This DataVeil User Guide is also available online at


After you start DataVeil, you will be presented with an initial screen, similar to that shown below.

DataVeil GUI main window


You may be wondering... "OK, so now what?"

In answer to that question, the general workflow is as follows:

Step 1 - Connect to the Database

Step 2 - Add relevant Tables & Columns into your Project

Step 3 - Identify the Sensitive Columns

Step 4 - Configure Masks for the Sensitive Columns

Step 5 - Run the Masking Project

Each of these steps is described below.


Step 1 - Connect to the Database

The first thing you will need to do is to retrieve the schema (i.e. the database layout details) of the database that you wish to mask.

In order to do this you will need to define a connection to the database.

You can do this by either clicking on the  icon in the toolbar or from the main menu Database -> Add Database Connection...

Add Connection menu item


This will bring up the Add Database Connection dialog as shown below. Select the database type and enter the name of the database as configured on the server. In the example below, we will use a database called "kona" which is an SQL Server type of database.

Add database connection dialog


After you click 'OK' you shall be presented with the Connection view where you must specify the connection parameters to your database. In our example the connection parameters are shown below. If the database is on the same same computer as DataVeil then you could also leave the 'Hostname or IP' field blank (SQL Server connection panel is shown).

DataVeil database connection details form

 Note: The User that you login with shall require broad database administrative privileges when a masking Project is executed (Step 5 below.) This is because DataVeil shall perform actions such as: disabling/enabling constraints and triggers, creating/dropping tables and (depending on the DBMS) creating/dropping schemas.

After the connection parameters have been specified, click on the 'Get Schema' button. This shall retrieve the schema information such as Table names, Column names and dependency details.


The DataVeil Workspace


Please note that in the Explorer Window there are three tabbed views: Project, DBMS and Excluded.

DataVeil explorer

 Project View

This will show all Tables and Columns that you have selected as relevant to your masking Project and shall be saved in a DataVeil Project file (.dvp) whenever you perform a Save action. Upon initial connection to a database, the Project view shall be empty and you shall be presented with the DBMS view instead.


This view shows all Tables and Columns that are available on your DBMS (Database Management System) that are not part of your Project and are not Excluded.

It is intended that you use the DBMS view after initially connecting to a database so that you can select which Tables and Columns are to be moved into your Project (using right-click action "Add to Project".) After you finish selecting the Tables and Columns you should switch to the Project view to develop your masking Project. You can return later to the DBMS view if you decide that there are additional Tables and Columns that you wish to add to your Project.

Excluded View

This view shows Tables and Columns that you have excluded using the 'Exclude' action. It is not necessary to exclude anything from a Project. It has been provided so that you can exclude Columns that you are certain are not sensitive so that they do not appear in search results as false-positives and also not appear in the Project view.


Step 2 - Add relevant Tables & Columns into your Project


After successfully connecting to the database, the DBMS view shall list the available Tables and Columns in the database. An empty Project Diagram shall also be displayed.

Fields available for masking project


You now select the Tables and/or Columns that are to be moved into the Project (you can make multiple selections while holding down the Ctrl key) and then right-click and select the "Add to Project" action, as shown below. As you move Tables and Columns into the project, the Project Diagram shall be updated accordingly.

You can filter the contents of the DBMS view by typing-in the filter text in the Filter text box.

Add multiple fields to data masking project

Note: If your schema is relatively small (perhaps 100 tables or so) and you simply wish to move the entire schema into your Project, then you can right-click on the database node (shown as "kona" in the example above) and choose "Add to Project".


After you have have finished moving Tables and Columns into your Project you should switch to the Project view by clicking on the "Project" tab.

Data masking project view


Step 3 - Identify the Sensitive Columns


DataVeil requires that you tag each Column that you wish to mask as 'Sensitive' so that DataVeil can track the status of Columns that need to be masked. For example, sensitive Columns typically include person first names, last names, birthdays, account numbers, addresses, phone numbers, email addresses and so on.

If you already know which Columns are sensitive then you can proceed to tag them in one of two simple ways (described as Options below). If you do not know where the sensitive data is located in your database then please refer to the Discovery section.

You can also examine a sample of the actual data using the Data Browser window.

Shown below is an example of how to tag the Column 'lastName' as 'Sensitive'.


Option 1 - Use the Project Explorer Tree

Using the Project view's explorer tree, review the list of Columns and tag those which are sensitive by right-clicking on the Column and selecting 'Sensitive' from the pop-up menu. You can also mark all Columns of a Table as Sensitive by right-clicking on the Table name and selecting 'Sensitive' from the pop-up menu.

Note: As you may notice, the pop-up menu shows an 'Add Mask...' option. Using this option you could add a mask and mark the Column as sensitive in one step. You could even select many columns and entire tables and add a mask to all of these in one step. This is described below under the heading "One Step and Bulk Mask Creation". For now, however, we will take a few minutes to illustrate the basic concepts of tagging sensitive Columns and adding masks individually.

Diagram popup menu


Option 2 - Use the Diagram View

If you prefer to work from the Diagram view of your schema then: 

-  Locate the Table containing the sensitive Column(s).
  (The Find feature in the Diagram's toolbar can be very useful to quickly locate Tables and Columns in large Diagrams)
-  Double-click on the Table (this enters the Diagram 'edit mode')
-  Right-click on each Column that is sensitive (in the Table) and select 'Sensitive' from the pop-up menu.
-  Click anywhere outside the Table to exit edit-mode for that Table.

Tag sensitive data in diagram


Depending on your workflow preference, you can either just tag all of the sensitive Columns first and then later define masks for them, or you can tag a Column as 'Sensitive' and immediately configure a mask for it, or you can select one or more Columns (and/or Tables) and add a mask to all of them in one step as described below under "One Step and Bulk Mask Creation."


You can always review a summary of which Columns have been tagged as Sensitive and their currently configured masks from the Masks Summary view.

Mask summary view 


Step 4 - Configure Masks for the Sensitive Columns

After you have tagged a Column as 'Sensitive' you will need to configure a mask for it. 

Note: You can actually define multiple conditional masks for a Column. Each mask's condition is defined by its Where condition.

You can easily navigate to the Column's Masking view directly from the Masks Summary view by right-clicking the Column name and selecting 'Open Column Masks' from the pop-up menu.

Data mask summary popup menu


You can also just open the Masking tab and select the Column in the Project Explorer tree.

Data masking item detailed configuration view


After a Column has been tagged as Sensitive the combo list of available masks becomes enabled. You can then select the mask that you wish to configure. In this example we are demonstrating the Shuffle mask simply because it is so versatile; however, please be aware that there is also a Person Last Name mask that could have been used.

Note: You can view a sample of the actual data using the Data Browser window. Understanding the nature and format of the data that you are trying to mask can sometimes help you choose an appropriate mask and masking parameters.


Available data masks combo box


Note: Sometimes, some of the mask choices will be disabled such as the DateTime mask as shown above. This is because the data type of the target Column ('lastName') is not compatible with those masks.

Now click on the 'Add' button to add the selected mask. The mask's configuration panel shall open. Most of the masks have default values. In this example we shall accept the default parameters of a simple shuffle for a single Column, so just click 'OK' to complete adding the Shuffle mask for the 'lastName' field.

Shuffle data mask dialog


It is worthwhile pointing out another versatile mask called the Randomize mask. It can mask a field while preserving its original format. In other words, it will replace alphabetic characters (A-Z, a-z) with randomized alphabetic characters (preserving case), digits with randomized digits, and preserve all other characters such as white space and special symbols. It can also perform partial masking of a Column. For example, suppose you wanted to mask telephone numbers. You could specify that only the last four digits are to be masked. This means that any country code, area code and formatting information of every single value would be preserved.

Another very useful mask is the DataSet mask. It will mask Columns using replacement data from a CSV file that you supply.

You can review all available masks in the Masks Reference section to determine which masks would be best suited for your purposes. 

Non-English Languages

Several masks are designed to work optimally with the English language. For example, Person First Name and Last Name masks will generate names commonly used in the USA, Canada, UK and Australia. This is also true of the Company Name and Sentences masks. The Randomize mask also relies on the English alphabet.

However, there are other masks that are useful for non-English languages, such as DataSet, Shuffle, Redact, DateTime, Random Number and others.

For a complete list please refer to Unicode & Non-English Languages.


One Step and Bulk Mask Creation

Now that you have an understanding of the basic process and significance of identifying sensitive columns and configuring masks for them, it is time to introduce you to a faster and more convenient way to work that lets you mark columns as Sensitive and create masks for them in a single step.

You simply right-click on a column name and select 'Add Mask...'. You will then be presented with a list of available masks. After selecting a mask and entering any required parameters, the column shall be automatically marked as Sensitive (if it is not already) and the mask shall be added.

You can also choose multiple columns across multiple tables and add a mask to all of them in a single step. For example, suppose that you want to assign individual Shuffle masks to each of 9 columns across 3 tables. You would simply hold down the Ctrl key while selecting the 9 columns in the Project explorer tree, then right-click on any one of the selected columns and choose 'Add Masks to Selection...'.

Add data mask to multiple fields


You would then select the mask, then enter any required parameters, and click OK. A copy of that mask and its parameters shall be created for each of the selected columns.

Mask selection for multiple fields



Preview Masked Values (Optional)

Before you actually Run a masking Project and overwrite your database with masked values, you may be interested in previewing what masked values your Project shall actually generate before committing these changes with an actual Run.

DataVeil lets you preview the generated masked values in the Data Browser - showing both 'before' and 'after' values. This is an entirely optional step. To preview these 'before' and 'after' values, click on the Preview Run button  in the main toolbar or in the Data Browser toolbar.

It is important to note that DataVeil will likely make temporary changes to the database even during a Preview Run, such as temporarily disabling triggers and constraints. These will all be restored upon the completion of the Preview Run. Therefore, never perform a Preview Run on a database that is currently in use by other users. You should have exclusive access to the database.

A confirmation box shall be displayed:

Preview masking run confirmation dialog


Masked Value Generation Scope


Only a small subset of rows shall be processed. This is ideal for quickly generating a preview of what masked values shall look like. Note: Dependant values (from automatically generated 'Inherit' masks) shall not be generated in Quick mode and shall be shown as "NA (Inherit)". This is because Quick mode may not generate all required parent masked values for its dependencies.


This shall generate the full range of masked values and the total execution time shall be approximately 90% of the time that it would take to perform an actual masking Run. i.e. the additional 10% is an estimate of the time that it would take to write the masked values to your database tables.

This option can be used on any size database using any DataVeil license type. This means that you can evaluate DataVeil's performance of masking an unlimited number of sensitive values using a Freeware license.


After the Preview Run completes, the Data Browser shall display a preview of what the 'before' and 'after' masking values would look like. The default display format is shown below. You can sort the rows by clicking on the column name headings.

You can also customize which columns are to be displayed and their appearance order in the Data Browser Settings panel that you can access by clicking on the  settings icon. Please refer to the Data Browser section for more details.

Data browser masking view


You can read more about Preview Run in the Executing Projects section.


Step 5 - Run the Masking Project

After you have completed defining masks for the sensitive Columns you can execute the masking Project.

To run the masking project you can:

Click on the Run button   in the toolbar,

or; click on the 'Run...' button in the 'Execution' view.

DataVeil execution buttons

Note: The user specified under Username in the Connection view shall require broad administrative privileges as described in Step 1. Otherwise, the masking Run will likely fail.


A warning shall always be displayed to caution you that the target database shall be overwritten with masked values.

Data masking run confirmation dialog


Select the checkbox next to "Proceed to overwrite the database?" and then click on 'OK' to confirm that you have understood the cautions and to proceed to mask the target database. The Execution and Output Logger views shall be opened (if they aren't already) and the progress of the masking project shall be displayed. 


Data masking control panel


You can access Logger display options by right-clicking on the Logger view. This allows you to control line-wrap, search the logger, filtering and saving a copy of the Logger output to a text file ('Save As...' ).


The optional Compile step

You may have noticed a 'Compile' function. When you perform a 'Run' (described above) a Compile is automatically performed. The main purpose of providing a separate Compile step is so that you can perform a final validation of a Project to confirm that the Project is indeed ready to execute at a later time without having to attempt an actual execution.

To perform a Compile you can:

Click on the Compile button  in the toolbar,

or; click on the 'Compile' button in the 'Execution' view.

 Compile button

Compile is a quick function that usually takes only a matter of seconds.


Execution from Command Line

It is also possible to execute a DataVeil Project from the Windows command line. This gives you great flexibility because, using the operating system environment, you can schedule a DataVeil masking execution and even incorporate it into larger batch jobs to achieve automation.

A sample batch file "dataveil_cmd.bat" has been provided in the installation folder "dataveil\batch". It contains a sample command to execute a DataVeil Project and how to verify whether the execution outcome was successful or not.

For further details please refer to the Command Line Execution section.


Masking Execution Report

A masking execution PDF report is automatically created after each masking run and can be viewed in the PDF viewer window by clicking on the Reports tab as shown below.

By default, a copy of the actual masking project is also saved in the report folder. This can help with compliance requirements because the report folder will have an exact copy of the masking project that was executed together with a detailed PDF report of the masking details and outcome.

An XML version of the masking run report is also automatically saved in the report folder.

DataVeil data masking PDF report


You can customize report settings by clicking on the  button. You can specify options such as:

* Automatically save a copy of the masking project file with the report (default is Yes).

* Automatically delete older reports. Note: You can keep important results permanently by right-clicking on the result node and choosing 'Move to Archive'.

* Specify custom report headings such as your Company Name, Analyst Name, Contact Details, etc.

* Send email notifications of completed masking jobs with the option to include the PDF report as an attachment.

DataVeil masking report options


If you would like to view the folder contents directly then you can right-click on the result node and choosing 'Open in Windows Application'. This will effectively open the result folder in Windows Explorer.

DataVeil report explorer popup menu


SQL Scripts

You can also define SQL commands that are to be performed before the masking functions are performed, such as for environment setup, and SQL commands that are to be performed after masking has been completed. You can find out more in the Scripting SQL Commands section.


This has been a simple introduction into the basic operation of DataVeil to perform static data masking.

Although DataVeil has other more advanced concepts and features, the basic process described in this section is fundamentally the same.

You are encouraged to review all of the topics in this Help file, particularly each of the available masks in the Masks Reference section, and look for other tutorials and videos at our web site at

Finally, we always welcome feedback! You can send us your feedback either through the contact form on our web site or you can email us directly at



Home    Table of Contents