Skip to content
Studio 3T - The professional GUI, IDE and client for MongoDB
  • Tools
    • Aggregation Editor
    • IntelliShell
    • Visual Query Builder
    • Export Wizard
    • Import Wizard
    • Query Code
    • SQL Query
    • Connect
    • Schema Explorer
    • Compare
    • SQL ⇔ MongoDB Migration
    • Data Masking
    • Task Scheduler
    • Reschema
    • More Tools and Features
  • Solutions
  • Resources
    • Knowledge Base
    • MongoDB Tutorials & Courses
    • Tool/Feature Documentation
    • Blog
    • Community
    • Testimonials
    • Whitepapers
    • Reports
  • Contact us
    • Contact
    • Sales Support
    • Feedback and Support
    • Careers
    • About Us
  • Store
    • Buy Now
    • Preferred Resellers
    • Team Pricing
  • Download
  • My 3T
search

Studio 3T Knowledge Base

  • Documentation
  • Tutorials
  • Workshops
Take the fastest route to learning MongoDB. Cover the basics in two hours with MongoDB 101, no registration required.
Start the free course

Data Masking for MongoDB | Tool Documentation

Posted on: 01/12/2020 (last updated: 13/10/2021) by Kathryn Vargas

Data Masking for MongoDB is the data masking tool in Studio 3T Ultimate that lets you obfuscate collections on a field level. Try it for free here.

Introduction

Data masking, obfuscation, or anonymization is required when certain personally identifiable information (PII) or other sensitive data must be kept private.

This requirement arises to comply with common data protection regulations such as:

  • General Data Protection Regulation (GDPR) – EU
  • Payment Card Industry (PCI) – Global
  • Health Insurance Portability & Accountability Act (HIPAA) – USA
  • Sarbanes-Oxley Act (SOX) – USA
  • Telecommunications Bill – UK

Data Masking for MongoDB provides a static way of data obfuscation.

You can apply a data masking technique to each field in a source collection, and choose whether to overwrite the source collection or export the masked documents to a new target collection.

Open Data Masking

1. Launch Studio 3T.

2. Connect to a MongoDB instance containing the collection you want to mask.

3. Choose the collection from the Connection Tree.

4. With the collection selected (e.g. customers), open Data Masking by clicking on the icon in the toolbar, or by right-clicking on the collection and choosing Mask Collection.

Two ways to open Data Masking

5. A new Data Masking tab will open with two sub-tabs: Data Masking tutorial and Overview.

Studio 3T will automatically create a data masking unit for the collection in the Overview tab.

Each data masking unit corresponds to a collection to be obfuscated.

Data masking unit in the Overview tab

6. (Optional). Choose the source and/or target connection in the Overview tab. Selecting Change source or Change target will open the Connection Manager window. The default configurations are the current working connection.

7. Double-click on the unit. This will open a separate Data Masking Unit where the field-level data masking configuration takes place.

Set the source collection

The source collection is the collection you’ve chosen – or dragged – from the Connection Tree.

Click on Change Source to switch to a different collection within your connection. You have the option to retain the current data masking unit configuration or to create a new default configuration.

Change source collection

Set the target collection

The target collection will be automatically set to <<source_collection_name>>_masked, in the same database where the source collection is located.

To change the target collection at any time, click on Change Target.

Change target collection

Use an existing collection as a target collection

Choose an existing collection from the list of databases in your connection, then click OK.

Choose existing target collection

Add a new collection as a target collection

Click on the target database from the tree, click on the Add new collection button, type the new collection name, and click OK.

Add a new target collection

Overwrite the source collection

It is also possible to overwrite the source collection instead of choosing a target collection.

Click on Click here to overwrite source. Note that overwriting the source will overwrite the original documents in place and masking the _id is disabled.

MongoDB data masking tool that lets you overwrite the source collection

Apply data masking techniques to fields

You will find all the fields in your source collection in the Mapping Tree section.

Choose a field from the Mapping Tree and click on the Edit mask button. Alternatively, right-click on a field and choose Edit mask.

Edit a field's mask

The Edit Field Mapping window will open.

From here, you can choose the data masking technique to apply to any given field, depending on its type.

Apply a data masking method to a field

Supported data masking techniques

All field types

  • Not masked*
  • Null out*
  • Exclude field*
  • Shuffle

*These three data masking techniques are the only options for Binary, Regex, Reference, Code, Min key, Max key, Mixed, Symbol, Timestamp, Undefined, and Unknown types.

String

  • Show only first or last characters
  • Mask entire string
  • Mask substrings matching regex
  • Scramble characters
  • Replace entire field with a fixed string

Numeric

Includes Double, Int32, Int64, and Decimal128 types.

  • Substitute value with fixed number
  • Add percentage to number
  • Subtract percentage from number

Date

  • Substitute with random date and time
  • Substitute with fixed date and time

Array

  • Empty contents of the array

Boolean

  • Negate boolean value
  • Substitute with fixed boolean value

ObjectId

  • Substitute with new ObjectId

Preview changes

The JSON Preview tab dynamically updates as you apply data masking methods, so you can preview the documents in the target collection or the overwritten source collection.

View exception and history logs

Next to the JSON Preview tab you’ll find an Exception Logs tab, where you’ll find any exceptions thrown during the data masking configuration.

Exceptions can arise, for example, when two types are detected for the same field in the initial scan, if only two characters are detected in a document but you’ve set a rule to show the first three characters, or if you have chosen to be warned in the Edit Field Mapping dialog for a particular field.

Choose to be warned when field value is not changed

The History tab tracks all changes made to the source collection.

Mask multiple collections at once

Add data masking units

You can add more units by dragging and dropping collections from the Connection Tree to the Overview tab, or by clicking on Add unit from the toolbar.

Dragging collections to add data masking units

A window will open where you can choose another source collection (housing below) from the tree. Click OK.

Add data masking units


The new data masking unit will appear in the Overview tab and open a separate Data Masking Unit tab. Repeat the field-level configuration as needed.

Edit data masking units

From the Overview tab, double-click on the data masking unit.

Edit data masking unit

You can also right-click on the unit and choose Edit selected unit, or select it and click on Edit unit in the toolbar.

Remove data masking units

With a unit tab open, click on Remove unit in the toolbar.

Remove data masking unit

Alternatively from the Overview tab, select the unit to be removed and either click on Remove unit in the toolbar or right-click and choose Remove data masking unit.

Enable/disable data masking units

In the Overview tab, check or uncheck the units. Alternatively, right-click on a unit and choose Enable unit or Disable unit (depending on its state).

Execute the data masking job(s)

Once the changes look good in preview, you can choose to execute all units or only the enabled units (in the Overview tab).

Click on either the Execute all units or Execute enabled units button in the toolbar. You will be prompted if you’d like to continue, then click OK.

Execute data masking and track data masking operations

You can track the progress of the data masking job in the Operations panel, on the bottom-left.

Once the data masking job has been run, you will also see the masked collection (e.g. customers_masked) in the target database.

Reset the configuration or detect new fields

Open any data masking unit and you’ll find the Mapping Tree toolbar, which provides these options:

Reset configuration – Click on Reset Configuration to either clear the current configuration and restore to the default setting (fields won’t be masked), or rescan the collection to detect any new fields in the documents.

Reset configuration

Data Masking scans the last 50 documents of a collection by default. You can adjust the limit as needed.

Other configuration options

Most of these toolbar options are also available by right-clicking on a field.

Right-click on a field in Data Masking

Edit mask – Edit the mask applied to the selected field.

Remove mask – Removes the mask from the data masking configuration, not the field.

Choosing Remove mask means the field’s original value will appear unmasked in the target collection. To avoid this, go to Edit mask and choose Exclude field as the masking method. This ensures the field and its values won’t appear in the target collection.

Add sibling – Manually adds a sibling field to the selected field. This is handy option if you know precisely which fields are new to the collection – instead of doing a collection rescan – or for adding a field back in the configuration.

Add child – Manually adds a child if an array is selected, or the document.

Move up/down (arrows) – Move a selected rule up and down.

These actions will not modify the order of the fields in the target collection. Another tool, Reschema for MongoDB, should do the trick.

Undo and Redo – Undo and redo changes.

Dropdown menu – Handy for showing all, only masked, or only unmasked fields.

Automate & schedule data masking

Data Masking integrates with two other features – Tasks and Task Scheduler – so that you can save data masking jobs as tasks.

Click on Save task (as) to save the job as a task.

Name the task. Then, click OK.

Data Masking task integration

This saves the task in the Task Viewer, from which you can choose to schedule, unschedule, edit, clone, delete, add, and execute tasks.

Learn more about Tasks and Tasks Scheduler.

Masking data on export

You can also specify data masking rules when using our Export Wizard tool. You can export collections, views, queries, query results, or specific documents to CSV, JSON, BSON/mongodump, SQL, or another collection.

On the Export Wizard tab, scroll down to the Data Masking subsection and click Open field masking editor to begin configuring your data masking rules. The original data source won’t be overwritten.

studio3t data masking on export

Learn more about Export Wizard.

Related reading:

  • Data Masking for MongoDB
  • Getting Data Masking and Anonymization Right
  • MongoDB Security Checklist: Essential Tactics Against Data Breaches


How helpful was this article?
This article was hideous
This article was bad
This article was ok
This article was good
This article was great
Thank you for your feedback!

About The Author

Kathryn Vargas

When she's not writing about working with MongoDB, Kathryn spends her free time exploring Berlin's food scene, playing the drums, learning languages (current mission: German), and hiking.

Article navigation

Related articles

  • Reschema for MongoDB | Tool Documentation
  • Working with MongoDB Data? Use These Data Masking Techniques
  • Lesson 6, Exercise 2: Using the SQL Query tool to aggregate collection data
  • The Best Data Masking Tools for MongoDB
  • Data Masking for MongoDB

Studio 3T

MongoDB Enterprise Certified Technology PartnerSince 2014, 3T has been helping thousands of MongoDB developers and administrators with their everyday jobs by providing the finest MongoDB tools on the market. We guarantee the best compatibility with current and legacy releases of MongoDB, continue to deliver new features with every new software release, and provide high quality support.

Find us on FacebookFind us on TwitterFind us on YouTubeFind us on LinkedIn

Education

  • Free MongoDB Tutorials
  • Connect to MongoDB
  • Connect to MongoDB Atlas
  • Import Data to MongoDB
  • Export MongoDB Data
  • Build Aggregation Queries
  • Query MongoDB with SQL
  • Migrate from SQL to MongoDB

Resources

  • Feedback and Support
  • Sales Support
  • Knowledge Base
  • FAQ
  • Reports
  • White Papers
  • Testimonials
  • Discounts

Company

  • About Us
  • Blog
  • Careers
  • Legal
  • Press
  • Privacy Policy
  • EULA

© 2023 3T Software Labs Ltd. All rights reserved.

  • Privacy Policy
  • Cookie settings
  • Impressum

We value your privacy

With your consent, we and third-party providers use cookies and similar technologies on our website to analyse your use of our site for market research or advertising purposes ("analytics and marketing") and to provide you with additional functions (“functional”). This may result in the creation of pseudonymous usage profiles and the transfer of personal data to third countries, including the USA, which may have no adequate level of protection for the processing of personal data.

By clicking “Accept all”, you consent to the storage of cookies and the processing of personal data for these purposes, including any transfers to third countries. By clicking on “Decline all”, you do not give your consent and we will only store cookies that are necessary for our website. You can customize the cookies we store on your device or change your selection at any time - thus also revoking your consent with effect for the future - under “Manage Cookies”, or “Cookie Settings” at the bottom of the page. You can find further information in our Privacy Policy.
Accept all
Decline all
Manage cookies
✕

Privacy Preference Center

With your consent, we and third-party providers use cookies and similar technologies on our website to analyse your use of our site for market research or advertising purposes ("analytics and marketing") and to provide you with additional functions (“functional”). This may result in the creation of pseudonymous usage profiles and the transfer of personal data to third countries, including the USA, which may have no adequate level of protection for the processing of personal data. Please choose for which purposes you wish to give us your consent and store your preferences by clicking on “Accept selected”. You can find further information in our Privacy Policy.

Accept all cookies

Manage consent preferences

Essential cookies are strictly necessary to provide an online service such as our website or a service on our website which you have requested. The website or service will not work without them.

Performance cookies allow us to collect information such as number of visits and sources of traffic. This information is used in aggregate form to help us understand how our websites are being used, allowing us to improve both our website’s performance and your experience.

Google Analytics

Google Ads

Bing Ads

Facebook

LinkedIn

Quora

Hotjar

Functional cookies collect information about your preferences and choices and make using the website a lot easier and more relevant. Without these cookies, some of the site functionality may not work as intended.

HubSpot

Social media cookies are cookies used to share user behaviour information with a third-party social media platform. They may consequently effect how social media sites present you with information in the future.

Accept selected