Myanon is a MySQL dump anonymizer, reading a dump from stdin, and producing an anonymized version to stdout.
Anonymization is done through a deterministic hmac processing based on sha-256. When used on fields acting as foreign keys, constraints are kept.
However, an optional python support can be used to define custom anonymization rules (python faker for example)
Myanon works by default on flat (numeric and text) fields. An optional json module is available for json fields.
A configuration file is used to store the hmac secret and to select which fields need to be anonymized. A self-commented sample is provided (main/myanon-sample.conf)
This tool is in alpha stage. Please report any issue.
Example to create both a real crypted (sensitive) backup and an anonymized (non-sentitive) backup from a single mysqldump command:
mysqldump mydb | tee >(myanon -f myanon.cfg | gzip > mydb_anon.sql.gz) | gpg -e -r [email protected] > mydb.sql.gz.gpg
- autoconf
- automake
- make
- a C compiler (gcc or clang)
- flex
- bison
- python (optional)
- jq (optional)
Example on a Fedora system:
$ sudo dnf install autoconf automake gcc make flex bison
$ sudo dnf install python3-devel jq-devel # For optional python and json support
[...]Example on a Debian/Ubuntu system:
$ sudo apt-get install autoconf automake flex bison build-essential
$ sudo apt-get install python3-dev libjq-dev # For optional python and json support
[...]On macOS, you need to install Xcode and homebrew, and then:
$ brew install autoconf automake flex bison m4
$ brew install python3 jq # For optional python and json support
[...](Please ensure binaries installed by brew are in your $PATH)
If you are using zsh, you may need to add the following to your .zshrc file:
export PATH="/usr/local/opt/m4/bin:$PATH"
export PATH="/usr/local/opt/flex/bin:$PATH"
export PATH="/usr/local/opt/bison/bin:$PATH"For Apple Silicon at build time, you may need to adjust include and library search path:
export CFLAGS=-I/opt/homebrew/include
export LDFLAGS=-L/opt/homebrew/lib./autogen.sh
./configure # Minimal build
./configure --enable-python # Optional python support
./configure --enable-jq # Optional json support
./configure --enable-python --enable-jq # Both
make
make install
Flags are controlled by using CFLAGS/LDFLAGS when invoking make. To create a debug build:
make CFLAGS="-O0 -g"
To create a static executable file on Linux and mimimal build only
make LDFLAGS="-static"
main/myanon -f tests/test1.conf < tests/test1.sql
zcat tests/test2.sql.gz | main/myanon -f tests/test2.conf
The tests directory contains examples with basic hmac anonymization, and with python rules (faker).
A PPA is available at: https://launchpad.net/~pierrepomes/+archive/ubuntu/myanon
docker build --tag myanon .
docker run -it --rm -v ${PWD}:/app myanon sh -c '/bin/myanon -f /app/myanon.conf < /app/dump.sql | gzip > /app/dump-anon.sql.gz'An alternative to the above build or run options is to use the provided Dockerfile to build inside an isolated environment, and run myanon from a container.
It's useful when:
- you can't or don't want to install a full C development environment on your host
- you want to quickly build for or run on a different architecture (e.g.:
amd64orarm64) - you want to easily distribute a self-contained
myanon(e.g.: for remote execution & processing on a Kubernetes cluster)
The provided multistage build Dockerfile is using the alpine Docker image.
Build a binary using the provided Dockerfile:
# recommended, to start from a clean state
make clean
# build using your default architecture
docker build --tag myanon .For Apple Silicon users who want to build for amd64:
# recommended, to start from a clean state
make clean
# build using the amd64 architecture
docker build --tag myanon --platform=linux/amd64 .In this example we will:
- use a
myanonconfiguration file (myanon.conf) - use a MySQL dump (
dump.sql) - generate an anonymized dump (
dump-anon.sql) based on the configuration and the full dump.
Sharing the local folder as /app on the Docker host:
docker run -it --rm -v ${PWD}:/app myanon sh -c '/bin/myanon -f /app/myanon.conf < /app/dump.sql > /app/dump-anon.sql'For Apple Silicon users who want to run as amd64:
docker run -it --rm --platform linux/amd64 -v ${PWD}:/app myanon sh -c '/bin/myanon -f /app/myanon.conf < /app/dump.sql > /app/dump-anon.sql' 
