Configuration
Learn how to configure the Redact service
Overview
Configuration of the Redact service occurs within the Pangea User Console (PUC). A Pangea Organization Admin or Project Admin must complete the following steps to configure the Redact service.
- Enable the service
- Create a token for the service
- Enable redact rules
- Enable Secure Audit Log integration (optional)
Enabling the service
Service enablement must be performed by a Pangea Organization Admin or Project Admin. Clicking Services > Redact
will automatically invoke the enablement process.
This will present a multi-step modal, with the first step explaining the service and its capabilities. Click the button to continue the enablement process.
The second step will only be presented if no existing token has access to the Redact service. This step will require the creation of a token that has access to the service. A service cannot be used unless a token granting access to that service has been provisioned.
Enabling Redact Rules
Clicking the Rulesets
menu item will display redaction rulesets currently available. Rulesets are comprised of individual redaction rules. Clicking a ruleset will list the individual rules.
Rules can be enabled by clicking the toggle. Details about the rules can be viewed by clicking view rule
.
When enabling a rule, a reaction method
can also be specified. Redaction methods determine how data matching the rule will be replaced.
To learn more about rulesets, rule details, redaction rules, and using the Redact service, click here.
Enabling the Secure Audit Log integration (optional)
The Secure Audit Log service integrates with the Redact service. Once you enable the Redact service, you can enable the Redact records option under Secure Audit Log Settings in the Pangea User Console. This will cause all events sent to the Secure Audit Log service to be redacted by the rules enabled in the selected Redact configuration.
Enabled rules in Pangea Console
The set of enabled rules is run on every redact API call, this allows for configuring a basline set of rules that should always be run.
- To view the enabled rules in the Pangea Console , go to the Rulesets page under Redact
- Click View Enabled Rules to view all enabled rules.
- Click Manage Rules. to change what rules are currently enabled.
Testing redact rules in Pangea Console
The Pangea User Console supports the testing of any enabled or disabled rules. To test a rule:
- In the Pangea User Console , go to the Rulesets page under Redact
- Click Test Rules.
A dialog will appear with various options for testing rules.
- Select a rule or multiple rules you’d like to test from the dropdown menu.
- Add any text you want to test against in the input field below the dropdown. The data should be associated with the rules option you selected in the dropdown. For example, if you chose "Credit Card", you can add any credit card number along with other text to test the rule and ensure it's working as expected. Once you add the data, click Test Rules.
- The test yields a response:
- Redacted Data - The response represents the data you entered in the input field with the sensitive portion (i.e. Credit Card number) redacted.
- Details - The JSON response sent by the redact API.
Testing redact rules in API Reference
You can also test out redact rules using the interactive Redact API Reference. You'll need to copy rule name information from the Pangea Console into the input fields in the API Reference. Follow the steps below:
- In the Pangea Console , go to the Rulesets page under Redact.
- Click on a set of rules. A dialog with configuration details will appear.
- Decide which rule(s) you want to test and use the copy icon to copy the rule name as a string onto your clipboard. You can test more than one rule at a time.
- Go to the Redact API Reference
- Enter data into the parameter fields (or choose to Load Sample Data)
- In the
rules
parameter, paste the string you copied onto your clipboard. You can enter an array of strings - and in doing so test various rules at once.
In this example, "email address" was used as the redaction rule. The API request includes a string of text that contains an email address. You can see in the JSON response that "email address" has been redacted.
curl -sSLX POST 'https://redact.'"$PANGEA_DOMAIN"'/v1/redact' \
-H 'Authorization: Bearer '"$PANGEA_REDACT_TOKEN" \
-H 'Content-Type: application/json' \
-d '{"text":"My name is Dennis Nedry and my email is you.didnt.say.the.magic.word@gmail.com","debug":false,"rules":["EMAIL_ADDRESS"]}'
{
"request_id": "prq_63ooica2rmk5nmv3cg6yp3iohb4ukugp",
"request_time": "2023-02-03T18:56:37.236505Z",
"response_time": "2023-02-03T18:56:37.393045Z",
"status": "Success",
"summary": "Success. Redacted 1 item(s) from text",
"result": {
"redacted_text": "My name is Dennis Nedry and my email is <EMAIL_ADDRESS>",
"count": 1
}
}
Setting up multiple configurations
Redact has the option of creating additional rulesets. Each ruleset is a configuration that can be used for your project, providing customization to how you are able to use the Redact service.
Follow these steps to set up multiple configurations:
- In the Pangea User Console, navigate to the Redact service.
- Click Rulesets.
- In the upper right corner of the page, click + Ruleset. A dialog box displays.
- Type the information about the ruleset into the provided dialog box and then click Save.
- Configure the rules for the rule set. You can import rules, add rules individually, or enable all rules at once. There is also an option to disable all rules to start over.
Check out the Multiple Configurations page to learn more about setting up and using multiple configurations.
Was this article helpful?