anon

Overview

manually upgraded PGRX from 0.16.1 to 0.17.0 by Vonng

Version

Build

You can build the RPM / DEB packages for pg_anon using pig build:

pig build pkg pg_anon         # build RPM / DEB packages

Install

You can install pg_anon directly. First, make sure the PGDG and PIGSTY repositories are added and enabled:

pig repo add pgsql -u          # Add repo and update cache

Install the extension using pig or apt/yum/dnf:

• Install
• pig
• dnf
• apt

pig install pg_anon;          # Install for current active PG version

pig ext install -y pg_anon -v 18  # PG 18
pig ext install -y pg_anon -v 17  # PG 17
pig ext install -y pg_anon -v 16  # PG 16
pig ext install -y pg_anon -v 15  # PG 15
pig ext install -y pg_anon -v 14  # PG 14

dnf install -y pg_anon_18       # PG 18
dnf install -y pg_anon_17       # PG 17
dnf install -y pg_anon_16       # PG 16
dnf install -y pg_anon_15       # PG 15
dnf install -y pg_anon_14       # PG 14

apt install -y postgresql-18-pg-anon   # PG 18
apt install -y postgresql-17-pg-anon   # PG 17
apt install -y postgresql-16-pg-anon   # PG 16
apt install -y postgresql-15-pg-anon   # PG 15
apt install -y postgresql-14-pg-anon   # PG 14

Preload:

shared_preload_libraries = 'anon';

Create Extension:

CREATE EXTENSION anon;

Usage

Sources: overview, static masking, dynamic masking, anonymous dumps, masking functions

anon applies declarative masking rules with SECURITY LABEL FOR anon. The official docs center on three user-facing flows: permanent masking, masked roles, and anonymized dumps.

Initialize and Declare Rules

CREATE EXTENSION IF NOT EXISTS anon CASCADE;
SELECT anon.init();

SECURITY LABEL FOR anon ON COLUMN customer.full_name
IS 'MASKED WITH FUNCTION anon.dummy_name()';

SECURITY LABEL FOR anon ON COLUMN customer.employer
IS 'MASKED WITH FUNCTION anon.dummy_company_name()';

SECURITY LABEL FOR anon ON COLUMN customer.phone
IS 'MASKED WITH FUNCTION anon.partial(phone, 2, $$******$$, 2)';

Static Masking

Static masking rewrites the stored data in place:

SELECT anon.anonymize_database();
-- See also: anon.anonymize_table(), anon.anonymize_column()

The static-masking docs also cover shuffling, noise injection, and parallel masking for larger datasets.

Dynamic Masking

Dynamic masking hides values only from roles labeled as masked:

ALTER DATABASE demo SET session_preload_libraries = 'anon';
ALTER DATABASE demo SET anon.transparent_dynamic_masking TO true;

CREATE ROLE skynet LOGIN;
SECURITY LABEL FOR anon ON ROLE skynet IS 'MASKED';
GRANT pg_read_all_data TO skynet;

SECURITY LABEL FOR anon ON COLUMN people.lastname
IS 'MASKED WITH FUNCTION anon.dummy_last_name()';

When skynet queries the table, masked values are returned instead of the originals.

Anonymous Dumps and Pseudonymization

The current docs recommend transparent anonymous dumps through a masked role and pg_dump. Older helpers pg_dump_anon.sh and pg_dump_anon are explicitly marked deprecated.

For stable key remapping in dumps, the docs call out:

• anon.pseudo_shift(bigint)
• anon.pseudo_xor(bigint)
• anon.set_shift()

Common Functions and Caveats

Common masking helpers in the function catalog include:

• anon.dummy_first_name()
• anon.dummy_last_name()
• anon.dummy_company_name()
• anon.random_zip()
• anon.random_date_between(date, date)
• anon.partial(value, prefix, mask, suffix)

Caveats from the official docs:

• dynamic masking needs preload/configuration before masked-role sessions use it
• static masking destroys the original values
• pseudonymization is not anonymization