Data Masking Project Security

A DataVeil project often contains sensitive information.

DataVeil considers the following project elements as sensitive:  

  • Database passwords
  • Deterministic seeds

If a project contains any sensitive elements, then DataVeil shall prompt you for a Project Key.

Project Key

DataVeil shall prompt you for a Project Key when it needs to manage sensitive project elements.

For example, if you attempt to specify a deterministic seed and a Project Key has not yet been created then the following dialog shall appear:

Any combination of printable characters is acceptable. The only requirement is that the key is at least 6 characters long.

Even if the project does not use deterministic mode, if it specifies a database password then the following dialog shall appear when the project is saved:

If the user selects 'No' then all database passwords and deterministic seeds shall be deleted from the DataVeil project before it is saved to a project file.

If the user enters a Project Key and selects 'Yes' then all database passwords that were entered in Connection panels with a 'save passwords' option shall be encrypted using the Project Key and saved. All deterministic seeds shall also be encrypted using the Project Key and saved.

If a user subsequently opens a DataVeil project (.dvp file) then the user shall be able to edit the project without the Project Key except for viewing or editing deterministic seeds.

The Project Key is not stored anywhere. Only a hash of the Project Key is stored for subsequent validation purposes.
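The scheme described above, sketched as an added example (not DataVeil's own code): only a salted hash of the Project Key is kept for validation, the encryption key is derived on demand and never stored, and choosing 'No' strips the secrets before saving. PBKDF2-HMAC-SHA256, the iteration count and all field names are assumptions; the page does not say which algorithms DataVeil uses.

```python
import hashlib
import hmac
import os

MIN_KEY_LEN = 6        # minimum Project Key length stated on this page
ITERATIONS = 200_000   # assumed work factor, not a DataVeil value


def _derive(project_key: str, salt: bytes, purpose: bytes) -> bytes:
    """Slow, salted derivation; 'purpose' separates verifier from cipher key."""
    return hashlib.pbkdf2_hmac("sha256", project_key.encode("utf-8"),
                               salt + purpose, ITERATIONS)


def create_key_record(project_key: str) -> dict:
    """Return what would be saved in the project file: salt and hash only."""
    if len(project_key) < MIN_KEY_LEN or not project_key.isprintable():
        raise ValueError("Project Key must be at least 6 printable characters")
    salt = os.urandom(16)
    return {"salt": salt.hex(),
            "verifier": _derive(project_key, salt, b"verify").hex()}


def unlock(record: dict, candidate: str):
    """Validate a candidate key; return the encryption key, or None if wrong."""
    salt = bytes.fromhex(record["salt"])
    expected = bytes.fromhex(record["verifier"])
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(_derive(candidate, salt, b"verify"), expected):
        return None
    # Derived only after validation, never stored, and distinct from the
    # verifier, so the saved hash cannot be used directly as the cipher key.
    return _derive(candidate, salt, b"encrypt")


def strip_secrets(project: dict) -> dict:
    """The 'No' choice on save: remove every sensitive element (hypothetical fields)."""
    cleaned = dict(project)
    for field in ("key_record", "db_passwords", "deterministic_seeds"):
        cleaned.pop(field, None)
    return cleaned
```

Because the verifier is saved with the project, anyone holding the file can test guesses offline, so a slow derivation and a key well beyond the 6-character minimum both matter.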

 

Entering the Project Key

The DataVeil GUI shall automatically prompt the user for the Project Key whenever the user attempts to view or edit deterministic seeds or to perform any database access such as browsing table data or performing discovery or masking executions.

The Project Key can also be explicitly entered by the user at any time in the Project Key panel under the tab Settings->Project->Project Key as shown below.

 

The Project Key Maintenance Panel

The Project Key maintenance panel is accessed from the Settings tab in the main window, as shown in the diagram below:

 

The Unlock and Change Key buttons will both require the user to enter the correct Project Key.

The Delete Key button can be pressed by anyone to delete a currently defined Project Key. After confirmation, it will delete all database passwords and deterministic seeds from the project. It is intended for the situation where the Project Key has been forgotten. Naturally, you will need to re-enter the database passwords and deterministic seeds into the project before you can run the project again.