Prerequisites

  • Have properly installed hoop.dev through one of the options available in the deployment overview
  • Be on an enterprise plan
  • Enough access to your infrastructure so you can load environment variables to your hoop.dev instance
  • Have admin access to your hoop.dev instance
This page is dedicated to the setup of AI Data Masking in self-hosted instances. If you are looking for the Learn Guides of AI Data Masking, click here.

Set up

You can either use Google Cloud Data Loss Prevention hosted by Google on GCP, or Microsoft Presidio, an open-source project that you can host yourself.

Google Cloud Data Loss Prevention (DLP)

You must be on an enterprise plan to have access to the AI Data Masking feature.
Create an account at Google Cloud Data Loss Prevention and a service account with the permission roles/dlp.user. When installing hoop.dev, you need to set the environment variable GOOGLE_APPLICATION_CREDENTIALS_JSON with your GCP DLP credentials in hoop’s Gateway. Hoop.dev uses Google Cloud’s DLP at our protocol layer to mask sensitive data in real-time in the data stream of any connection you configure.

Microsoft Presidio

1

Install

Check the Microsoft Presidio documentation to install it.

Microsoft Presidio Docker Installation

Visit the Microsoft Presidio documentation to install it using Docker.

Microsoft Presidio Kubernetes Installation

Visit the Microsoft Presidio documentation to install it using Kubernetes.
2

Set up

Set the new environment variables in hoop.dev’s Gateway with the following values:
Environment variable keyValue
DLP_PROVIDERmspresidio
DLP_MODEbest-effort or strict
MSPRESIDIO_ANALYZER_URL<host-to-analyzer:port>
MSPRESIDIO_ANONYMIZER_URL<host-to-anonymizer:port>
3

Run hoop.dev's Gateway with the new configs

After setting up the environment variables, hoop.dev will use Microsoft Presidio to mask sensitive data in real-time in the data stream of any connection you configure.

Redact Modes

The gateway now supports two operational modes that control how redaction failures are handled. Configure your preferred mode by setting the environment variable DLP_MODE to either strict or best-effort.

best-effort

This is the default mode, it will redact the content, however if it find any error it will continue to operate without any disruption.
  • DLP_MODE=best-effort

strict

This mode will return an error in case it find any redaction issue
  • DLP_MODE=strict

Activate to your connections

Navigate to your Web App instance > Open the Manage toggle > click at AI Data Masking > Activate by connection and to configure which fields you want to set, hit the “Configure” button.

How it works

At the protocol layer when communicating with a database or server, hoop.dev will open the package and communicate with DLP provider to mask sensitive data in it. This happens in memory and in real-time, so the data is never stored in the database or server in its original form. After the setup, we automatically give you a bunch of default and most used fields, so you don’t need to worry much about that part either. You can remove or add fields as much as you like. To see all fields available, check our documentation page for all fields supported.