DataMasque Portal

DataMasque Installation on a Linux Server

This guide describes the process for deploying DataMasque with Docker Compose on a Linux server.

System requirements

  • Supported Operating Systems:

    • Ubuntu 18.04 or 20.04 LTS, x86 64-bit
    • Red Hat Enterprise Linux (RHEL) 7 or 8, x86 64-bit
  • 4 vCPUs

  • 8 GiB RAM

  • 40 GiB total disk space

Free space: DataMasque requires at least 6GB of free space inside the Docker root directory before install or upgrade. By default, the Docker root directory is /var/lib/docker.

  • A static external IP or hostname

  • Ingress requests allowed on port 443 (and optionally port 80)

    • These ports are used to serve DataMasque's web interface.
    • If HTTP traffic is allowed on port 80, it will be automatically upgraded to HTTPS on port 443.
  • For admin access (SSH), ingress requests allowed on port 22.

DataMasque Ingress requests

  • Client web browser: Google Chrome 85 or above

  • Container managers:

    • Docker 19.03 to 25.0.0 (Ubuntu and RHEL) or Podman 4.4.1 to 5.0 (RHEL only)
    • Docker Compose 1.17 to 1.29

Installing DataMasque

DataMasque is a container-based application and runs on both the Docker and Podman container managers. Follow one of the links below according to which container manager you are using.

Upgrading DataMasque

It is recommended that you take backups of all rulesets, connections and uploaded files before upgrading your DataMasque instance.

To upgrade your DataMasque instance, extract the new DataMasque Docker Compose package, and run the included installation script with the--upgrade option:

tar -xvzf datamasque-docker-v<version>.pkg
cd datamasque/<version>/
sudo ./ --upgrade

Note: If your user belongs to the docker and datamasque groups, root privilege escalation via sudo is not necessary for Docker installations.

For installations with Podman:

sudo ./ --podman --upgrade

Troubleshooting and maintenance

See the General Troubleshooting and Maintenance page.



  • Scaling: If you intend to run masking tasks in parallel or to perform multiple masking runs simultaneously, you should ensure your system has 1 vCPU and at least 1 GiB of RAM per concurrent masking task.
  • Network and I/O: Refer to Network and I/O best practices for server networking recommendations.
  • Host security: Deploy DataMasque on a dedicated VM/server with appropriate access control and enable host filesystem encryption.

Starting DataMasque automatically on boot

DataMasque's containers are configured with Docker Compose to always restart, so DataMasque will start automatically after system boot if the Docker daemon is configured to start on boot (which is the default configuration for a standard installation of Docker). For more information on configuring Docker to start on boot, refer to:

Data protection

It is recommended to take regular backups of your DataMasque EC2 instance. It is also recommended to periodically save copies of your Run Logs, as well as Ruleset and Connection configurations.