Redacting the contents of a specific column or table from the Cyral logs

Cyral provides two options for redacting sensitive information from the Cyral query logs. This is set on a per-repository basis:

  • Full redaction redacts all literal values from all queries for a repository. To set this up, turn on Redact literal values for your repository in Cyral, go to the Advanced tab, and click the Redact literal values check box. 

  • Partial redaction redacts only values from those fields you've set up for tracking in your data map. To set up partial redaction, see below.

Set up partial redaction

  • Make sure your data map contains all the tables, columns, and fields whose data you wish to redact from the logs (see the Policy Guide for instructions).

  • Run the following Cyral API call, setting the redact parameter to watched:

    • replace <my-cyral-cp> with the address of your Cyral control plane
    • replace <repo-id> with the ID number of your repository
    • set the redact parameter to watched
    • This example sets logGroups to everything to turn on all logging. Replace this with your preferred logging settings.
curl -H "Content-Type: application/json" -X PUT http://<my-cyral-cp>:8000/v1/repos/<repo_id>/conf/analysis -d '{"redact": "watched","logGroups":["everything"]}'

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.