You could also use the HASHBYTES function to produce your masked values.
Dynamic data masking with deterministic values
I would like to check for data masking solution when reading data from a SQL Server database.
To elaborate further, the data elements should be encrypted/masked when a set of users querying the tables. The data stored at rest should be clear (i.e. unmasked/ not encrypted).
Also, the masking values should be consistent(deterministic) across the database. E.g. if a username john - masked/encrypted to xyz in schema 1 table a, schema 2 table b should have the same masked/encrypted value for the same user. So that we can join the cross-schema tables.
Key notes:
- Data at rest should be in clear form i.e. unchanged from source.
- Encryption/masking should be deterministic.
I have explored the SQL Server TDE & DDE options but doesn't suit my requirements.
Would like to hear from experts who handled such a requirement in a SQL Server database.
Thanks in advance!
1 additional answer
Sort by: Most helpful
-
LiHongMSFT-4306 29,826 Reputation points
2024-04-24T07:16:03.47+00:00 How about encrypting data by using a symmetric key.
See these docs: ENCRYPTBYKEY (Transact-SQL); CREATE SYMMETRIC KEY (Transact-SQL)
Best regards,
Cosmog Hong
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".