DataMasque on AWS

AWS Logo and Shopping Cart

DataMasque is now available on the AWS Marketplace.

Proudly an AWS partner, DataMasque continues to innovate and integrate with AWS services to support your organisation in safeguarding data privacy and fulfilling compliance requirements.

Strengthen and simplify
sensitive data protection

With DataMasque’s total focus on data security, you have the right toolset to meet your compliance requirements through best practice data masking, all seamlessly integrated into your DevOps workflow – in the cloud or on-prem.

Best-of-Breed Data Masking

Many data masking tools fail to effectively safeguard sensitive information from malicious actors, while also rendering data unusable for consumers. We recognise that simplistic masking techniques like data shuffling are inadequate protection, and that indiscriminate replacement of values can break data integrity, inhibiting development and testing activities.

DataMasque offers ease of use without compromising security or data integrity. Our aim is to make the simple things easy, and the complex things possible.

Tick icon


DataMasque supports encryption in transit – all data transmissions are encrypted between DataMasque and your data sources.

The easiest masking is the safest masking. The DataMasque toolkit drives you towards the most secure approach.

Sophisticated safety measures that can preserve data consistency and implicit relationships.

Tick icon


DataMasque provides simple yet powerful tools to generate realistic, diverse and functional datasets representative of your production data.

DataMasque provides all the functionality necessary to ensure data values can be consistently masked across tables and databases, even those running on different database engines (i.e. the same value is replaced with the same masked value wherever it exists).

Tick icon

Ease of Use

Composable building blocks provide straightforward mechanisms that can be used in combination to satisfy complex masking requirements.

With a YAML-based syntax comparable with tools like Ansible and Kubernetes, DataMasque makes crafting masking rulesets simple. The immediate roadmap includes a drag-and-drop interface for even more user-friendly construction of masking rulesets and masking templates to drive reusability.

Centralised Security Management

First-class data masking on its own isn’t enough – you need a solution that is convenient to manage and gives you full visibility of your security posture. DataMasque’s centralised administration interface makes it easy to manage all of your masking from a single dashboard, and provides you with comprehensive reporting to ensure you are meeting your compliance requirements.

Tick icon

Everything in One Place

The administrative web interface unites all data masking functions on a single dashboard – no need for managing SQL and configuration across servers. The centralised interface also streamlines reuse of masking resources.

Tick icon

Security Reporting

Reports catalogue exactly which tables and columns are covered by your masking rulesets.

Tick icon

Meeting Your Full Compliance Needs

Detailed read-only audit logs record all changes and data masking operations to meet compliance requirements for privacy regulations (such as GDPR, HIPAA, PCI, CCPA, and ISO27001). These audit logs provide evidence of compliance to auditors.

Modern Architecture

DataMasque has been designed with modern enterprise environments in mind. With horizontal scalability, containerised deployment options, and an automation API, DataMasque can seamlessly slot into your existing data provisioning process or DevOps pipeline – regardless of whether you’re running on-prem or in a public cloud environment.

Tick icon

Horizontal Scalability

DataMasque is designed to scale horizontally, enabling you to parallelise your masking workload.

Tick icon

Containerised for On-Prem and Cloud

DataMasque’s container-based installation streamlines deployment in on-prem and public cloud environments. Vendor Marketplace support is also available on AWS and Cohesity.

Tick icon

API-Driven for Automation

An API-driven administrative interface automates data masking as part of data provisioning workflows and IT service management processes.

See DataMasque® in action for yourself

Frequently Asked Questions

Have another question? Ask it here

  • DataMasque is a data masking tool that enables you to replace sensitive values in databases with artificial but realistic alternatives while maintaining data integrity. Data masking can enhance testing, development and training by providing realistic and functional data in these scenarios without compromising security, privacy or operational accuracy.
  • DataMasque currently supports Oracle, Microsoft SQL Server and PostgreSQL, with plans for more database integrations in the works. Please see our Support Matrix for details.
  • DataMasque supports the following deployment options:
    • As a Cohesity App through the Cohesity marketplace.
    • As a set of Docker containers deployed on Red Hat Enterprise Linux or Ubuntu with Docker Compose.
    • As a pre-configured product through the AWS Marketplace.
  • DataMasque can be accessed using a browser-based web interface, which provides a centralized single-pane-of-glass view of your entire data masking environment. DataMasque also provides a robust set of REST API endpoints, allowing you to easily utilise its various features through automated processes.
  • DataMasque can discover sensitive data by performing a metadata keyword search to provide you with a starting point for data masking, allowing you to prioritise which data sources to protect. Sensitive data discovery tasks can also be included with every data masking run to identify new sensitive information, providing proactive and ongoing protection.
  • DataMasque removes sensitive data from your database and replaces it with realistic masked data. By default, masked values are randomly generated, preventing recovery of the original data. When data consistency across tables is required, DataMasque generates masked values using cryptographically secure SHA-512 salted hashes of the original values.
  • DataMasque provides masking algorithms that generate values based on one or more unmasked column values using a cryptographically secure SHA-512 salted hash. Use of these algorithms ensures deterministic masking across columns, tables, and database engines.
  • DataMasque supports masking of primary keys and unique keys. DataMasque automatically maintains referential integrity of foreign keys and also allows users to propagate masked values to implied foreign keys.
  • DataMasque currently provides a REST API for triggering and monitoring masking runs using pre-configured connections and rulesets. We have plans to open more API endpoints in the future.
  • The DataMasque licensing model is based on the total (cumulative) size of each unique masked database: Each time a new unique database is masked, the total on-disk size of that database is subtracted from the available quota of your licence. Database size is calculated as follows:

    Sizing calculation

    The allocated size includes datafiles and control files.

    Usage query
    SELECT SUM(bytes)/POWER(1024,4) Size_In_TB FROM dba_data_files WHERE online_status <> 'OFFLINE' AND status = 'AVAILABLE';
    Required privileges

    Read-only privilege on dba_data_files, v$database

    Microsoft SQL Server
    Sizing calculation

    The total size of all database files on the selected database instance.

    Usage query
    SELECT sum(CONVERT(BIGINT, size))*8.0/POWER(1024,3) Size_In_TB FROM sys.database_files WHERE state <> 6;
    Required privileges

    Read-only privilege on sys.master_files, sys.database_file

    Sizing calculation

    The total size of all database files.

    Usage query
    SELECT pg_database_size(datname)/POWER(1024,4) AS SIZE_IN_TB FROM pg_database WHERE datname=current_database();
    Required privileges

    Read-only privilege on pg_database and system information functions

What technologies does DataMasque® support?

Don’t see your preferred technology listed?
Get in touch and let us know what you’re after.

Support matrix

DataMasque supports the following platforms and data sources

Platforms Version
Check mark Cohesity MarketPlace --
Check mark AWS MarketPlace --
Software Platforms
Check mark Ubuntu 18.04 or 20.04 LTS x86 64-bit
Check mark Red Hat Enterprise Linux RHEL 8 x86 64-bit
Check mark Oracle Database 11gR2, 12gR1, 12gR2, 18c, 19c
Check mark Microsoft SQL Server 2012, 2014, 2016, 2017, 2019
Check mark MySQL 5.7, 8
Check mark PostgreSQL 9.6, 10, 11, 12, 13
Check mark Amazon Aurora --
Check mark Amazon DynamoDB --
Check mark Amazon RDS --
Check mark Amazon Redshift --
File Masking
Check mark Storage Platforms AWS S3 and Azure Blob Storage
Check mark Tabular CSV (and other character delimited), Fixed Width & Parquet files
Check mark Object JSON & XML files
Check mark Multi-Record Apache Avro & NDJSON files


Free quote

Get the plan that suits
your business needs

Thank you for getting in touch.

One of our team members will get back to you shortly.

30 day free trial

Experience the power of
best-of-breed data masking

Thank you for getting in touch.

One of our team members will get back to you shortly.