CRYPTOGRAPHIC_HASH
Applies HMAC_SHA256 to hash values in the column.
Parameters
-
sourceColumns
– An array of existing columns. -
secretId
– The ARN of the Secrets Manager secret key to use to hash the source columns, ordatabrew!default
. -
secretVersion
– Optional. Defaults to the latest secret version. -
entityTypeFilter
– Optional array of entity types. Can be used to encrypt only detected PII in free-text column. -
createSecretIfMissing
– Optional boolean. If true will attempt to create the secret on behalf of the caller.
{ "sourceColumns": ["phonenumber"], "secretId": "arn:aws:secretsmanager:us-east-1:012345678901:secret:mysecret", "entityTypeFilter": ["USA_ALL"] }
When working in the interactive experience, in addition to the project’s role, the
console user must have permission to secretsmanager:GetSecretValue
on the provided
Secrets Manager secret.
Sample policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue" ], "Resource": [ "arn:aws:secretsmanager:us-east-1:012345678901:secret:mysecret" ] } ] }
You may also opt to use the DataBrew-created default secret by passing
databrew!default
as secretId and parameter createSecretIfMissing
as
true. This is not recommended for production. Anyone with the
AwsGlueDataBrewFullAccessPolicy role can use the default secret.