Sensitive data discovery must be enabled.
immuta sdd run
This command allows you to run SDD on specific data sources or all data sources in your instance of Immuta.
Use these options to get more details about the sdd run
command or any of its subcommands:
-h
--help
Run immuta sdd run <dataSourceName> [flags]
, naming the data source you want to run SDD on. The options you can specify include
-d
, --dryRun
: No updates will actually be made.
-f
, --force
: Do not prompt for confirmation when attempting to run SDD on all data sources.
-h
or --help
: Get more information about the command.
-o
or --output json | yaml
: Specify the output format.
--outputTemplate string
: Format the response using a Go template.
-t
, --outputTemplate string
: Run SDD with this framework. This flag can only be used with the dryRun
flag.
-w
, --wait int
: The number of seconds to wait for the SDD job(s) to finish. Default is until the SDD job(s) finish (default -1).
The example below illustrates a user running SDD on a single data source.
Run immuta sdd run
. The options you can specify include
-d
, --dryRun
: No updates will actually be made.
-f
, --force
: Do not prompt for confirmation when attempting to run SDD on all data sources.
-h
or --help
: Get more information about the command.
-o
or --output json | yaml
: Specify the output format.
--outputTemplate string
: Format the response using a Go template.
-t
, --outputTemplate string
: Run SDD with this framework. This flag can only be used with the dryRun
flag.
-w
, --wait int
: The number of seconds to wait for the SDD job(s) to finish. Default is until the SDD job(s) finish (default -1).
Confirm that you want to run SDD on all data sources.
immuta sdd
This command allows you to customize and run SDD in your instance of Immuta. The table below illustrates subcommands and arguments.
Manage SDD identifiers.
Run SDD on specific data sources or all data sources.
Manage SDD frameworks.
Use these options to get more details about the sdd
command or any of its subcommands:
-h
--help
Two common workflows for using SDD are outlined below. The first illustrates how to apply a global framework to all data sources, while the second outlines how users can create and apply frameworks to data sources they own.
The tutorials linked below show how to use the CLI to complete this workflow. For an overview of how sensitive data discovery works, see this overview.
Data governor creates a framework using one or more identifiers.
Data governor creates one or more identifiers.
Data owner triggers SDD on one or more data sources and resulting tags are applied to columns where criteria were met.
Sensitive data discovery must be enabled.
immuta sdd classifier
This command allows you to manage identifiers that will apply tags to data that matches the criteria you specify during SDD. The table below illustrates subcommands and arguments.
save
Create an identifier.
None
Delete the passed identifier.
None
Get an identifier.
ls
, list
Search all identifiers.
None
Update an identifier.
Use these options to get more details about the sdd classifier
command or any of its subcommands:
-h
--help
Save your identifier to a valid YAML or JSON file using these attributes.
name
string
Unique, request-friendly identifier name.
Yes
displayName
string
Unique, human-readable identifier name.
Yes
description
string
The identifier description.
Yes
type
string
The type of criteria: regex
, dictionary
, columnNameRegex
, or builtIn
.
Yes
config
object
The configuration of the identifier, which may include config.values
, config.caseSensitive
, config.regex
, config.columnNameRegex
, and config.tags
.
Yes
config.tags
array[string]
The name of the tags to apply to the data source.
Yes
config.regex
string
A case-insensitive regular expression to match against column values.
No
config.columnNameRegex
string
A case-insensitive regular expression to match against column names.
No
config.values
array[string]
The list of words to include in the dictionary.
No
config.caseSensitive
boolean
Indicates whether or not values
are case sensitive. Defaults to false
.
No
Examples are provided below.
Run immuta sdd classifier create <filepath> [flags]
, referencing the file you just created. The options you can specify include
-h
or --help
: Get more information about the command.
-o
or --output json | yaml
: Specify the output format.
--outputTemplate string
: Format the response using a Go template.
Run immuta sdd classifier get <classifierName> [flags]
, specifying the name of the identifier you would like to get. Options you can specify include
-h
or --help
: Get more information about the command.
-o
or --output json | yaml
: Specify the output format.
--outputTemplate string
: Format the response using a Go template.
The example below illustrates a user getting an identifier called ACCOUNT_NUMBER_IDENTIFIER.
Run immuta sdd classifier search [string] [flags]
to list all identifiers or search identifiers by name. Options you can specify include
-h
, --help
: Help for search.
--limit int
The search limit for pagination (default 25).
--offset int
: The search offset for pagination.
--order asc | desc
: The sort order.
-o
, --output json | yaml
: The output format.
--outputTemplate string
: Format the response using a Go template.
-s
, --sort id | name | displayName | type | createdAt | updatedAt
: Field to sort by.
--type regex | columnNameRegex | dictionary | builtIn
: Limit results to the specified criteria type.
The example below illustrates a user searching all identifiers containing account
.
Update your identifier in a valid YAML or JSON file using these attributes:
name
string
Unique, request-friendly identifier name.
Yes
displayName
string
Unique, human-readable identifier name.
Yes
description
string
The identifier description.
Yes
type
string
The type of criteria: regex
, dictionary
, columnNameRegex
, or builtIn
.
Yes
config
object
The configuration of the identifier, which may include config.values
, config.caseSensitive
, config.regex
, config.columnNameRegex
, and config.tags
.
Yes
config.tags
array[string]
The name of the tags to apply to the data source.
Yes
config.regex
string
A case-insensitive regular expression to match against column values.
No
config.columnNameRegex
string
A case-insensitive regular expression to match against column names.
No
config.values
array[string]
The list of words to include in the dictionary.
No
config.caseSensitive
boolean
Indicates whether or not values
are case sensitive. Defaults to false
.
No
Run immuta sdd classifier update <classifierName> <filepath> [flags]
, referencing the file you just updated. The options you can specify include
-h
or --help
: Get more information about the command.
-o
or --output json | yaml
: Specify the output format.
--outputTemplate string
: Format the response using a Go template.
The example below illustrates a user updating an identifier named ACCOUNT_NUMBER_IDENTIFIER.
Run immuta sdd classifier delete <classifierName> [flags]
to delete the identifier. The options you can specify include
-h
or --help
: Get more information about the command.
-o
or --output json | yaml
: Specify the output format.
--outputTemplate string
: Format the response using a Go template.
.
immuta sdd template
This command allows you to manage identification frameworks, which are a collection of identifiers and settings used to drive the configuration of SDD runs. The table below illustrates subcommands and arguments.
Use these options to get more details about the sdd template
command or any of its subcommands:
-h
--help
Save your framework to a valid YAML or JSON file using these attributes:
An example is provided below.
Run immuta sdd template create <filepath> [flags]
, referencing the file you just created. The options you can specify include
-h
or --help
: Get more information about the command.
-o
or --output json | yaml
: Specify the output format.
--outputTemplate string
: Format the response using a Go template.
Run immuta sdd template get <frameworkName> [flags]
, specifying the name of the framework you would like to get. Options you can specify include
-h
or --help
: Get more information about the command.
-o
or --output json | yaml
: Specify the output format.
--outputTemplate string
: Format the response using a Go template.
The example below illustrates a user getting a framework named ACCOUNT_NUMBERS_FRAMEWORK.
Run immuta sdd template global [flags]
, to get the global framework that has been configured for sensitive data discovery. Options you can specify include
-h
or --help
: Get more information about the command.
-o
or --output json | yaml
: Specify the output format.
--outputTemplate string
: Format the response using a Go template.
The example below illustrates a user getting the global framework that had been configured in the Immuta UI by an administrator.
Run immuta sdd template search [string] [flags]
to list all identification frameworks or search identification frameworks by name. Options you can specify include
--classifiers strings
: Limit results to only frameworks that contain the specified identifiers.
-h
, --help
: Help for search.
--limit int
The search limit for pagination (default 25).
--offset int
: The search offset for pagination.
--order asc | desc
: The sort order.
-o
, --output json | yaml
: The output format.
--outputTemplate string
: Format the response using a Go template.
-s
, --sort id | name | displayName | type | createdAt | updatedAt
: Field to sort by.
The example below illustrates a user searching all frameworks containing the ACCOUNT_NUMBER_IDENTIFIER
.
Update your framework in a valid YAML or JSON file using these attributes:
Run immuta sdd template update <frameworkName> <filepath> [flags]
, referencing the file you just updated. The options you can specify include
-h
or --help
: Get more information about the command.
-o
or --output json | yaml
: Specify the output format.
--outputTemplate string
: Format the response using a Go template.
The example below illustrates a user updating a framework named ACCOUNT_NUMBERS_FRAMEWORK.
Run immuta sdd template delete <frameworkName> [flags]
to delete the framework. The options you can specify include
-h
or --help
: Get more information about the command.
-o
or --output json | yaml
: Specify the output format.
--outputTemplate string
: Format the response using a Go template.
name
string
Unique, request-friendly framework name.
Yes
displayName
string
Unique, human-readable framework name.
Yes
description
string
The framework description.
Yes
classifiers
array
Includes each identifier's name
and overrides
for minConfidence
and tags
.
Yes
name
string
Unique, request-friendly framework name.
Yes
displayName
string
Unique, human-readable framework name.
Yes
description
string
The framework description.
Yes
classifiers
array
Includes each identifier's name
and overrides
for minConfidence
and tags
.
Yes
save
Create an identification framework.
None
Delete the passed identification framework.
None
Get an identification framework.
None
Get the global framework.
ls
, list
Search all identification frameworks.
None
Update an identification framework.