Manage Sensitive Data Discovery

End-of-life (EOL) notice: Support for these endpoints is EOL. Please use the endpoints on the Manage identification page.

Command overview: immuta sdd

This command allows you to customize and run SDD in your instance of Immuta. The table below illustrates subcommands and arguments.

| Subcommands | Description |
|---|---|
| classifier | Manage SDD identifiers. |
| run | Run SDD on specific data sources or all data sources. |
| template | Manage SDD frameworks. |

    $ immuta sdd -h
    Manage Sensitive Data Discovery

    Usage:
      immuta sdd [command]

    Available Commands:
      classifier  Manage Sensitive Data Discovery Classifiers
      run         Run Sensitive Data Discovery with provided options
      template    Manage Sensitive Data Discovery Templates

    Flags:
      -h, --help   Help for sdd

    Global Flags:
          --config string    Config file (default $HOME/.immutacfg.yaml)
      -p, --profile string   Specifies the profile for what instance/api the cli will use (default "default")

    Use "immuta sdd [command] --help" for more information about a command.

Options

Use these options to get more details about the sdd command or any of its subcommands:

  • -h

  • --help

SDD workflow

Two common workflows for using SDD are outlined below. The first illustrates how to apply a global framework to all data sources, while the second outlines how users can create and apply frameworks to data sources they own.

The tutorials linked below show how to use the CLI to complete this workflow. For an overview of how sensitive data discovery works, see this overview.

Workflow 1: Apply the global framework to all data sources

  1. Data governor creates a framework using one or more identifiers.

  2. System administrator adds this framework as the global framework so that it applies to all data sources.

  3. Users trigger SDD on data sources.

Workflow 2: Apply a framework to a specific data source

  1. Data governor creates one or more identifiers.

  2. Data owner creates a framework containing one or more identifiers.

  3. Data owner triggers SDD on one or more data sources and resulting tags are applied to columns where criteria were met.

Run Sensitive Data Discovery on Data Sources

End-of-life (EOL) notice: Support for these endpoints is EOL. Please use the endpoints on the Manage identification page.

Prerequisite

Sensitive data discovery must be enabled.

Command Overview: immuta sdd run

This command allows you to run SDD on specific data sources or all data sources in your instance of Immuta.

    $ immuta sdd run -h
    Run Sensitive Data Discovery with provided options

    Usage:
      immuta sdd run [datasourceName(s)] [flags]

    Examples:
    # run SDD as a dry run on the specified data sources
    $ immuta sdd run "Datasource One" "Datasource Two" --dryRun --template "someFramework"
    # run SDD on ALL data sources in immuta
    $ immuta sdd run


    Flags:
      -d, --dryRun                  No updates will actually be made
      -f, --force                   Do not prompt for confirmation when attempting to run sdd on all data sources
      -h, --help                    Help for run
      -o, --output json | yaml      Output format
          --outputTemplate string   Format the response using a Go template
      -t, --template string   Run SDD with this template, can only be used with the dryRun flag
      -w, --wait int                The number of seconds to wait for the SDD job(s) to finish. Default is until the SDD job(s) finish (default -1)

    Global Flags:
          --config string    Config file (default $HOME/.immutacfg.yaml)
      -p, --profile string   Specifies the profile for what instance/api the cli will use (default "default")

Options

Use these options to get more details about the sdd run command or any of its subcommands:

  • -h

  • --help

Run SDD on Specific Data Sources

Run immuta sdd run <dataSourceName> [flags], naming the data source you want to run SDD on. The options you can specify include

  • -d, --dryRun: No updates will actually be made.

  • -f, --force: Do not prompt for confirmation when attempting to run SDD on all data sources.

  • -h or --help: Get more information about the command.

  • -o or --output json | yaml: Specify the output format.

  • --outputTemplate string: Format the response using a Go template.

  • -t, --template string: Run SDD with this framework. This flag can only be used with the dryRun flag.

  • -w, --wait int: The number of seconds to wait for the SDD job(s) to finish. Default is until the SDD job(s) finish (default -1).

Example

The example below illustrates a user running SDD on a single data source.

    $ immuta sdd run "Credit Accounts"
    Running SDD
    Credit Accounts  06b71830-aebc-11ec-970b-51ffefcbfd0c  completed

Run SDD on All Data Sources

  1. Run immuta sdd run. The options you can specify include

    • -d, --dryRun: No updates will actually be made.

    • -f, --force: Do not prompt for confirmation when attempting to run SDD on all data sources.

    • -h or --help: Get more information about the command.

    • -o or --output json | yaml: Specify the output format.

    • --outputTemplate string: Format the response using a Go template.

    • -t, --template string: Run SDD with this framework. This flag can only be used with the dryRun flag.

    • -w, --wait int: The number of seconds to wait for the SDD job(s) to finish. Default is until the SDD job(s) finish (default -1).

  2. Confirm that you want to run SDD on all data sources.

Example

    $ immuta sdd run
    Running SDD
    Started 8 SDD jobs

Manage Sensitive Data Discovery Rules

End-of-life (EOL) notice: Support for these endpoints is EOL. Please use the endpoints on the Manage identification page.

Prerequisite

Sensitive data discovery must be enabled.

Command overview: immuta sdd classifier

This command allows you to manage identifiers that will apply tags to data that matches the criteria you specify during SDD. The table below illustrates subcommands and arguments.

| Subcommands | Aliases | Description |
|---|---|---|
| create | save | Create an identifier. |
| delete | None | Delete the passed identifier. |
| get | None | Get an identifier. |
| search | ls, list | Search all identifiers. |
| update | None | Update an identifier. |

    $ immuta sdd classifier -h
    Manage Sensitive Data Discovery Classifiers

    Usage:
      immuta sdd classifier [command]

    Available Commands:
      create      Create an SDD classifier
      delete      Delete the passed SDD classifier
      get         Get an SDD classifier
      search      Search all classifiers
      update      Update an SDD classifier

    Flags:
      -h, --help   Help for classifier

    Global Flags:
          --config string    Config file (default $HOME/.immutacfg.yaml)
      -p, --profile string   Specifies the profile for what instance/api the cli will use (default "default")

    Use "immuta sdd classifier [command] --help" for more information about a command.

Options

Use these options to get more details about the sdd classifier command or any of its subcommands:

  • -h

  • --help

Create an identifier

  1. Save your identifier to a valid YAML or JSON file using these attributes:

| Attribute | Description | Required |
|---|---|---|
| name | string Unique, request-friendly identifier name. | Yes |
| displayName | string Unique, human-readable identifier name. | Yes |
| description | string The identifier description. | Yes |
| type | string The type of criteria: regex, dictionary, columnNameRegex, or builtIn. | Yes |
| config | object The configuration of the identifier, which may include config.values, config.caseSensitive, config.regex, config.columnNameRegex, and config.tags. | Yes |
| config.tags | array[string] The name of the tags to apply to the data source. | Yes |
| config.regex | string A case-insensitive regular expression to match against column values. | No |
| config.columnNameRegex | string A case-insensitive regular expression to match against column names. | No |
| config.values | array[string] The list of words to include in the dictionary. | No |
| config.caseSensitive | boolean Indicates whether or not values are case sensitive. Defaults to false. | No |

     Examples are provided below.

  2. Run immuta sdd classifier create <filepath> [flags], referencing the file you just created. The options you can specify include

    • -h or --help: Get more information about the command.

    • -o or --output json | yaml: Specify the output format.

    • --outputTemplate string: Format the response using a Go template.

Example

    {
      "name": "MY_REGEX_IDENTIFIER",
      "displayName": "My Regex Identifier",
      "description": "A regex identifier",
      "type": "regex",
      "config": {
        "regex": "^[A-Z][a-z]+",
        "tags": ["Discovered.regex-example"]
      }
    }

    {
      "name": "MY_DICTIONARY_IDENTIFIER",
      "displayName": "My Dictionary Identifier",
      "description": "A dictionary identifier",
      "type": "dictionary",
      "config": {
        "values": ["Bob", "Eve"],
        "caseSensitive": true,
        "tags": ["Discovered.dictionary-example", "Discovered.dictionary-example"]
      }
    }

    {
      "name": "MY_COLUMN_NAME_REGEX_IDENTIFIER",
      "displayName": "My Column Name Regex Identifier",
      "description": "A column name regex identifier",
      "type": "columnNameRegex",
      "config": {
        "columnNameRegex": "ssn|social ?security",
        "tags": ["Discovered.column-name-regex-example"]
      }
    }

    $ immuta sdd classifier create ./account-classifier.json
    Creating classifier from ./account-classifier...
    Create successful.

Get an identifier

Run immuta sdd classifier get <classifierName> [flags], specifying the name of the identifier you would like to get. Options you can specify include

  • -h or --help: Get more information about the command.

  • -o or --output json | yaml: Specify the output format.

  • --outputTemplate string: Format the response using a Go template.

Example

The example below illustrates a user getting an identifier called ACCOUNT_NUMBER_IDENTIFIER.

    $ immuta sdd classifier get ACCOUNT_NUMBER_IDENTIFIER
    Getting classifier ACCOUNT_NUMBER_IDENTIFIER...
    {
      "createdBy": {
        "id": 1,
        "name": "Example User",
        "email": "[email protected]"
      },
      "name": "ACCOUNT_NUMBER_IDENTIFIER",
      "displayName": "Account Number Identifier",
      "description": "This identifier recognizes account numbers using a regex critiera",
      "type": "regex",
      "config": {
        "tags": [
          "Discovered.account-number"
        ],
        "regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$"
      },
      "id": 69,
      "createdAt": "2022-03-28T14:52:14.004Z",
      "updatedAt": "2022-03-28T14:52:14.004Z"
    }

Search identifiers

Run immuta sdd classifier search [string] [flags] to list all identifiers or search identifiers by name. Options you can specify include

  • -h, --help: Help for search.

  • --limit int: The search limit for pagination (default 25).

  • --offset int: The search offset for pagination.

  • --order asc | desc: The sort order.

  • -o, --output json | yaml: The output format.

  • --outputTemplate string: Format the response using a Go template.

  • -s, --sort id | name | displayName | type | createdAt | updatedAt: Field to sort by.

  • --type regex | columnNameRegex | dictionary | builtIn: Limit results to the specified criteria type.

Example

The example below illustrates a user searching all identifiers containing account.

    $ immuta sdd classifier search account
    Searching all classifiers...
    ACCOUNT_NUMBER_IDENTIFIER This identifier recognizes account numbers using a regex criteria.

Update an identifier

  1. Update your identifier in a valid YAML or JSON file using these attributes:

| Attribute | Description | Required |
|---|---|---|
| name | string Unique, request-friendly identifier name. | Yes |
| displayName | string Unique, human-readable identifier name. | Yes |
| description | string The identifier description. | Yes |
| type | string The type of criteria: regex, dictionary, columnNameRegex, or builtIn. | Yes |
| config | object The configuration of the identifier, which may include config.values, config.caseSensitive, config.regex, config.columnNameRegex, and config.tags. | Yes |
| config.tags | array[string] The name of the tags to apply to the data source. | Yes |
| config.regex | string A case-insensitive regular expression to match against column values. | No |
| config.columnNameRegex | string A case-insensitive regular expression to match against column names. | No |
| config.values | array[string] The list of words to include in the dictionary. | No |
| config.caseSensitive | boolean Indicates whether or not values are case sensitive. Defaults to false. | No |

  2. Run immuta sdd classifier update <classifierName> <filepath> [flags], referencing the file you just updated. The options you can specify include

    • -h or --help: Get more information about the command.

    • -o or --output json | yaml: Specify the output format.

    • --outputTemplate string: Format the response using a Go template.

Example

The example below illustrates a user updating an identifier named ACCOUNT_NUMBER_IDENTIFIER.

    $ immuta sdd classifier update ACCOUNT_NUMBER_IDENTIFIER ./account-classifier -o json
    {
      "createdBy": {
        "id": 1,
        "name": "Example User",
        "email": "[email protected]"
      },
      "name": "ACCOUNT_NUMBER_IDENTIFIER",
      "displayName": "Account Number Identifier",
      "description": "This identifier recognizes account numbers using a regex criteria.",
      "type": "regex",
      "config": {
        "tags": [
          "Discovered.account-number"
        ],
        "regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$"
      },
      "id": 69,
      "createdAt": "2022-03-28T14:52:14.004Z",
      "updatedAt": "2022-03-28T15:25:28.575Z"
    }

Delete an identifier

Run immuta sdd classifier delete <classifierName> [flags] to delete the identifier. The options you can specify include

  • -h or --help: Get more information about the command.

  • -o or --output json | yaml: Specify the output format.

  • --outputTemplate string: Format the response using a Go template.

Example

    $ immuta sdd classifier delete ACCOUNT_NUMBER_IDENTIFIER -o json
    {
      "createdBy": {
        "id": 1,
        "name": "Example User",
        "email": "[email protected]"
      },
      "name": "ACCOUNT_NUMBER_IDENTIFIER",
      "displayName": "Account Number Identifier",
      "description": "This identifier recognizes account numbers using a regex criteria.",
      "type": "regex",
      "config": {
        "tags": [
          "Discovered.account-number"
        ],
        "regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$"
      },
      "id": 69,
      "createdAt": "2022-03-28T14:52:14.004Z",
      "updatedAt": "2022-03-28T15:25:28.575Z"
    }
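
A local pre-flight check for identifier files like the ones in the Create an identifier section, added here as an example and not part of Immuta's CLI or documentation. It lints a definition against the attribute table and previews which sample values the criteria would match, using Python's re as a stand-in for Immuta's matcher; the function names, the rule that each type needs its matching config field, and search-anywhere matching are assumptions.

```python
import json
import re

# Required attributes and criteria types, from the attribute table on this page.
REQUIRED = ("name", "displayName", "description", "type", "config")
# Assumption: each criteria type needs its matching config field.
TYPE_FIELD = {"regex": "regex", "columnNameRegex": "columnNameRegex",
              "dictionary": "values", "builtIn": None}


def lint_identifier(doc):
    """Return a list of problems in one identifier definition (empty if none)."""
    problems = [f"missing required attribute: {k}" for k in REQUIRED if k not in doc]
    kind = doc.get("type")
    config = doc.get("config") if isinstance(doc.get("config"), dict) else {}
    known = isinstance(kind, str) and kind in TYPE_FIELD
    if not known:
        problems.append(f"unknown type: {kind!r}")
    if not isinstance(config.get("tags"), list):
        problems.append("config.tags is required and must be a list of tag names")
    field = TYPE_FIELD[kind] if known else None
    if field and field not in config:
        problems.append(f"type {kind} needs config.{field}")
    for key in ("regex", "columnNameRegex"):
        if key in config:
            try:
                re.compile(config[key])
            except (re.error, TypeError) as exc:
                problems.append(f"config.{key} does not compile: {exc}")
    return problems


def dry_run(doc, samples):
    """Return the samples this identifier would match, checked locally."""
    kind, config = doc["type"], doc["config"]
    if kind in ("regex", "columnNameRegex"):
        # Both regex kinds are documented as case-insensitive.
        # Assumption: a match anywhere in the value counts (search semantics).
        pattern = re.compile(config[kind], re.IGNORECASE)
        return [s for s in samples if pattern.search(s)]
    if kind == "dictionary":
        # caseSensitive defaults to false per the attribute table.
        if config.get("caseSensitive", False):
            return [s for s in samples if s in config["values"]]
        lowered = {v.lower() for v in config["values"]}
        return [s for s in samples if s.lower() in lowered]
    return []  # builtIn criteria cannot be evaluated locally


# The regex identifier file shown on this page.
REGEX_DOC = json.loads("""{
  "name": "MY_REGEX_IDENTIFIER", "displayName": "My Regex Identifier",
  "description": "A regex identifier", "type": "regex",
  "config": {"regex": "^[A-Z][a-z]+", "tags": ["Discovered.regex-example"]}
}""")
# Constructed definition: two missing attributes, no tags, a regex that fails to compile.
BROKEN_DOC = {"name": "X", "type": "regex", "config": {"regex": "[0-9"}}
# Constructed sample column values.
SAMPLES = ["Alice", "bob", "ALICE", "42 Main"]

if __name__ == "__main__":
    print("lint:", lint_identifier(REGEX_DOC))
    print("matches:", dry_run(REGEX_DOC, SAMPLES))
    for problem in lint_identifier(BROKEN_DOC):
        print("-", problem)
```

Because config.regex is documented as case-insensitive, the pattern ^[A-Z][a-z]+ also matches "bob" and "ALICE" in this preview, so a character class cannot be relied on to require capitalisation.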

Manage Identification Frameworks

End-of-life (EOL) notice: Support for these endpoints is EOL. Please use the endpoints on the Manage identification page.

Prerequisite

Sensitive data discovery must be enabled.

Command overview: immuta sdd template

This command allows you to manage identification frameworks, which are a collection of identifiers and settings used to drive the configuration of SDD runs. The table below illustrates subcommands and arguments.

| Subcommands | Aliases | Description |
|---|---|---|
| create | save | Create an identification framework. |
| delete | None | Delete the passed identification framework. |
| get | None | Get an identification framework. |
| global | None | Get the global framework. |
| search | ls, list | Search all identification frameworks. |
| update | None | Update an identification framework. |

    $ immuta sdd template -h
    Manage Sensitive Data Discovery Templates

    Usage:
      immuta sdd template [command]

    Available Commands:
      create      Create an SDD template
      delete      Delete the passed SDD template
      get         Get an SDD template
      global      Get the SDD global template
      search      Search all templates
      update      Update an SDD template

    Flags:
      -h, --help   Help for template

    Global Flags:
          --config string    Config file (default $HOME/.immutacfg.yaml)
      -p, --profile string   Specifies the profile for what instance/api the cli will use (default "default")

    Use "immuta sdd template [command] --help" for more information about a command.

Options

Use these options to get more details about the sdd template command or any of its subcommands:

  • -h

  • --help

Create an identification framework

  1. Save your framework to a valid YAML or JSON file using these attributes:

| Attribute | Description | Required |
|---|---|---|
| name | string Unique, request-friendly framework name. | Yes |
| displayName | string Unique, human-readable framework name. | Yes |
| description | string The framework description. | Yes |
| classifiers | array Includes each identifier's name and overrides for minConfidence and tags. | Yes |

     An example is provided below.

  2. Run immuta sdd template create <filepath> [flags], referencing the file you just created. The options you can specify include

    • -h or --help: Get more information about the command.

    • -o or --output json | yaml: Specify the output format.

    • --outputTemplate string: Format the response using a Go template.

Example

    {
      "name": "ACCOUNT_NUMBERS_FRAMEWORK",
      "displayName": "Account Numbers Framework",
      "description": "This framework contains the identifier that recognizes account numbers.",
      "classifiers": [
        {
          "name": "ACCOUNT_NUMBER_IDENTIFIER"
        }
      ]
    }

    $ immuta sdd template create ./account-template.json -o json
    {
      "name": "ACCOUNT_NUMBERS_FRAMEWORK",
      "displayName": "Account Numbers Framework",
      "description": "This framework contains the identifier that recognizes account numbers.",
      "createdBy": {
        "id": 1,
        "name": "Example User",
        "email": "[email protected]"
      },
      "id": 2,
      "createdAt": "2022-03-28T15:48:02.977Z",
      "updatedAt": "2022-03-28T15:48:02.977Z",
      "classifiers": [
        {
          "name": "ACCOUNT_NUMBER_IDENTIFIER",
          "overrides": {}
        }
      ]
    }

Get an identification framework

Run immuta sdd template get <frameworkName> [flags], specifying the name of the framework you would like to get. Options you can specify include

  • -h or --help: Get more information about the command.

  • -o or --output json | yaml: Specify the output format.

  • --outputTemplate string: Format the response using a Go template.

Example

The example below illustrates a user getting a framework named ACCOUNT_NUMBERS_FRAMEWORK.

    $ immuta sdd template get ACCOUNT_NUMBERS_FRAMEWORK
    Getting template ACCOUNT_NUMBERS_FRAMEWORK...
    {
      "name": "ACCOUNT_NUMBERS_FRAMEWORK",
      "displayName": "Account Numbers Framework",
      "description": "This framework contains the identifier that recognizes account numbers.",
      "createdBy": {
        "id": 1,
        "name": "Example User",
        "email": "[email protected]"
      },
      "id": 2,
      "createdAt": "2022-03-28T15:48:02.977Z",
      "updatedAt": "2022-03-28T15:48:02.977Z",
      "classifiers": [
        {
          "name": "ACCOUNT_NUMBER_IDENTIFIER",
          "overrides": {}
        }
      ]
    }

Get the global framework

Run immuta sdd template global [flags] to get the global framework that has been configured for sensitive data discovery. Options you can specify include

  • -h or --help: Get more information about the command.

  • -o or --output json | yaml: Specify the output format.

  • --outputTemplate string: Format the response using a Go template.

Example

The example below illustrates a user getting the global framework that had been configured in the Immuta UI by an administrator.

    $ immuta sdd template global
    Getting global template...
    {
      "name": "ACCOUNT_NUMBERS_FRAMEWORK",
      "displayName": "Account Numbers Framework",
      "description": "This framework contains the identifier that recognizes account numbers.",
      "createdBy": {
        "id": 1,
        "name": "Example User",
        "email": "[email protected]"
      },
      "id": 3,
      "createdAt": "2022-03-28T17:10:48.507Z",
      "updatedAt": "2022-03-28T17:10:48.507Z",
      "classifiers": [
        {
          "name": "ACCOUNT_NUMBER_IDENTIFIER",
          "overrides": {}
        }
      ]
    }

Search identification frameworks

Run immuta sdd template search [string] [flags] to list all identification frameworks or search identification frameworks by name. Options you can specify include

  • --classifiers strings: Limit results to only frameworks that contain the specified identifiers.

  • -h, --help: Help for search.

  • --limit int: The search limit for pagination (default 25).

  • --offset int: The search offset for pagination.

  • --order asc | desc: The sort order.

  • -o, --output json | yaml: The output format.

  • --outputTemplate string: Format the response using a Go template.

  • -s, --sort id | name | displayName | type | createdAt | updatedAt: Field to sort by.

Example

The example below illustrates a user searching all frameworks containing the ACCOUNT_NUMBER_IDENTIFIER.

    $ immuta sdd template search --classifiers="ACCOUNT_NUMBER_IDENTIFIER"
    Searching all templates...
    ACCOUNT_NUMBERS_FRAMEWORK This framework contains the identifier that recognizes account numbers.
    Displaying 1 of 1 templates

Update an identification framework

  1. Update your framework in a valid YAML or JSON file using these attributes:

| Attribute | Description | Required |
|---|---|---|
| name | string Unique, request-friendly framework name. | Yes |
| displayName | string Unique, human-readable framework name. | Yes |
| description | string The framework description. | Yes |
| classifiers | array Includes each identifier's name and overrides for minConfidence and tags. | Yes |

  2. Run immuta sdd template update <frameworkName> <filepath> [flags], referencing the file you just updated. The options you can specify include

    • -h or --help: Get more information about the command.

    • -o or --output json | yaml: Specify the output format.

    • --outputTemplate string: Format the response using a Go template.

Example

The example below illustrates a user updating a framework named ACCOUNT_NUMBERS_FRAMEWORK.

    $ immuta sdd template update ACCOUNT_NUMBERS_FRAMEWORK ./account-template -o json
    {
      "name": "ACCOUNT_NUMBERS_FRAMEWORK",
      "displayName": "Account Numbers Framework",
      "description": "This framework contains the identifier that recognizes account numbers.",
      "createdBy": {
        "id": 1,
        "name": "Example User",
        "email": "[email protected]"
      },
      "id": 2,
      "createdAt": "2022-03-28T15:48:02.977Z",
      "updatedAt": "2022-03-28T16:15:01.791Z",
      "classifiers": [
        {
          "name": "ACCOUNT_NUMBER_IDENTIFIER",
          "overrides": {}
        }
      ]
    }

Delete an identification framework

Run immuta sdd template delete <frameworkName> [flags] to delete the framework. The options you can specify include

  • -h or --help: Get more information about the command.

  • -o or --output json | yaml: Specify the output format.

  • --outputTemplate string: Format the response using a Go template.

Example

    $ immuta sdd template delete ACCOUNT_NUMBERS_FRAMEWORK -o json
    {
      "name": "ACCOUNT_NUMBERS_FRAMEWORK",
      "displayName": "Account Numbers Framework",
      "description": "This framework contains the identifier that recognizes account numbers.",
      "createdBy": {
        "id": 1,
        "name": "Example User",
        "email": "[email protected]"
      },
      "id": 2,
      "createdAt": "2022-03-28T15:48:02.977Z",
      "updatedAt": "2022-03-28T16:15:01.791Z",
      "classifiers": [
        {
          "name": "ACCOUNT_NUMBER_FRAMEWORK",
          "overrides": {}
        }
      ]
    }