Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.neuraltrust.ai/llms.txt

Use this file to discover all available pages before exploring further.

While predefined data masking entities (e.g., credit card numbers, SSNs) cover many standard use cases, you may need to define custom rules for domain-specific data or unique patterns. Custom rules give you fine-grained control over exactly which information is masked and how it is replaced.

What Are Custom Rules?

Custom rules specify either a keyword or regex pattern to match sensitive data. When the plugin encounters a match, it replaces the sensitive text with a placeholder (e.g., [MASKED_SECRET]). This mechanism ensures your logs, debugging outputs, or API responses never contain the actual sensitive values.

Example: Custom Regex & Keyword

Below is a minimal configuration snippet showing two custom rules:
  • A regex rule to mask any standalone 6-digit code with [MASKED_PIN].
  • A keyword rule to identify the string internal-secret and replace it with [MASKED_SECRET].
{
  "name": "data_masking",
  "enabled": true,
  "settings": {
    "apply_all": false,
    "rules": [
      {
        "type": "regex",
        "pattern": "\\b\\d{6}\\b",
        "mask_with": "[MASKED_PIN]"
      },
      {
        "type": "keyword",
        "pattern": "internal-secret",
        "mask_with": "[MASKED_SECRET]"
      }
    ]
  }
}

Combined Configuration

{
  "name": "data_masking",
  "enabled": true,
  "settings": {
    "apply_all": false,
    "predefined_entities": [
      {
        "entity": "credit_card",
        "enabled": true
      },
      {
        "entity": "ssn",
        "enabled": true
      }
    ],
    "rules": [
      {
        "type": "regex",
        "pattern": "custom-[A-Z]{3}\\d{4}",
        "mask_with": "[MASKED_CUSTOM]"
      }
    ],
    "similarity_threshold": 0.8,
    "max_edit_distance": 1
  }
}