Use the following configuration examples to quickly set up and customize the data_masking plugin. You’ll find scenarios that cover predefined entity masking, custom keyword and regex rules, fuzzy matching, and advanced combinations — all designed to help you protect sensitive data in both requests and responses.

Example 1: Basic Masking of Predefined Entities

This configuration masks credit card numbers and email addresses using built-in entity recognition.

{
  "name": "data_masking",
  "enabled": true,
  "stage": "pre_request",
  "priority": 1,
  "settings": {
    "predefined_entities": [
      {
        "entity": "credit_card",
        "enabled": true
      },
      {
        "entity": "email",
        "enabled": true
      }
    ]
  }
}

Example 2: Custom Keyword and Regex Masking

This configuration defines custom masking rules for a specific keyword and a 6-digit PIN using regex.

{
  "name": "data_masking",
  "enabled": true,
  "stage": "pre_request",
  "priority": 1,
  "settings": {
    "rules": [
      {
        "type": "keyword",
        "pattern": "internal-secret",
        "mask_with": "[MASKED_SECRET]"
      },
      {
        "type": "regex",
        "pattern": "\\b\\d{6}\\b",
        "mask_with": "[MASKED_PIN]"
      }
    ]
  }
}

Example 3: Combined Predefined Entities and Custom Rules

This example combines built-in entity masking with a custom regex pattern.

{
  "name": "data_masking",
  "enabled": true,
  "stage": "pre_request",
  "priority": 1,
  "settings": {
    "predefined_entities": [
      {
        "entity": "ssn",
        "enabled": true
      }
    ],
    "rules": [
      {
        "type": "regex",
        "pattern": "custom-[A-Z]{3}\\d{4}",
        "mask_with": "[MASKED_CUSTOM]"
      }
    ]
  }
}

Example 4: Apply All Matching Rules

This configuration enables multiple rules and applies all that match instead of stopping at the first.

{
  "name": "data_masking",
  "enabled": true,
  "stage": "pre_request",
  "priority": 1,
  "settings": {
    "apply_all": true,
    "rules": [
      {
        "type": "keyword",
        "pattern": "apikey",
        "mask_with": "[MASKED_KEY]"
      },
      {
        "type": "regex",
        "pattern": "INT-\\d{6}",
        "mask_with": "[MASKED_ID]"
      }
    ]
  }
}

Example 5: Fuzzy Matching with Similarity Threshold

This configuration uses fuzzy matching to catch slightly altered sensitive terms.

{
  "name": "data_masking",
  "enabled": true,
  "stage": "pre_request",
  "priority": 1,
  "settings": {
    "similarity_threshold": 0.8,
    "max_edit_distance": 1,
    "rules": [
      {
        "type": "keyword",
        "pattern": "secret",
        "mask_with": "[MASKED_SECRET]"
      }
    ]
  }
}