CRYPTOGRAPHIC_HASH

Applies HMAC_SHA256 to hash values in the column.

Parameters

sourceColumns – An array of existing columns.
secretId – The ARN of the Secrets Manager secret key to use to hash the source columns, or databrew!default.
secretVersion – Optional. Defaults to the latest secret version.
entityTypeFilter – Optional array of entity types. Can be used to encrypt only detected PII in free-text column.
createSecretIfMissing – Optional boolean. If true will attempt to create the secret on behalf of the caller.


{
   "sourceColumns": ["phonenumber"],   
   "secretId": "arn:aws:secretsmanager:us-east-1:012345678901:secret:mysecret",
   "entityTypeFilter": ["USA_ALL"]
}

When working in the interactive experience, in addition to the project’s role, the console user must have permission to secretsmanager:GetSecretValue on the provided Secrets Manager secret.

Sample policy:


{
  "Version": "2012-10-17",
  "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetSecretValue"
            ],
            "Resource": [
                "arn:aws:secretsmanager:us-east-1:012345678901:secret:mysecret"
            ]
        }
    ]
}

You may also opt to use the DataBrew-created default secret by passing databrew!default as secretId and parameter createSecretIfMissing as true. This is not recommended for production. Anyone with the AwsGlueDataBrewFullAccessPolicy role can use the default secret.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

PII recipe steps

DECRYPT