anon
pg_anon : PostgreSQL Anonymizer (anon) extension
Overview
| ID | Extension | Package | Version | Category | License | Language |
|---|---|---|---|---|---|---|
| 7070 | anon | pg_anon | 3.0.13 | SEC | PostgreSQL | Rust |
| Attribute | Has Binary | Has Library | Need Load | Has DDL | Relocatable | Trusted |
|---|---|---|---|---|---|---|
--sLd-- | No | Yes | Yes | Yes | no | no |
| Relationships | |
|---|---|
| Schemas | anon |
| See Also | faker pgsodium pgcrypto pgaudit set_user pg_tde |
manually upgraded PGRX from 0.16.1 to 0.17.0 by Vonng
Packages
| Type | Repo | Version | PG Major Compatibility | Package Pattern | Dependencies |
|---|---|---|---|---|---|
| EXT | PIGSTY | 3.0.13 | 18 17 16 15 14 | pg_anon | - |
| RPM | PIGSTY | 3.0.13 | 18 17 16 15 14 | pg_anon_$v | - |
| DEB | PIGSTY | 3.0.13 | 18 17 16 15 14 | postgresql-$v-pg-anon | - |
| Linux / PG | PG18 | PG17 | PG16 | PG15 | PG14 |
|---|---|---|---|---|---|
el8.x86_64 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 |
el8.aarch64 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 |
el9.x86_64 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 |
el9.aarch64 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 |
el10.x86_64 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 |
el10.aarch64 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 |
d12.x86_64 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 |
d12.aarch64 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 |
d13.x86_64 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 |
d13.aarch64 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 |
u22.x86_64 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 |
u22.aarch64 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 |
u24.x86_64 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 |
u24.aarch64 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 |
u26.x86_64 | MISS | MISS | MISS | MISS | MISS |
u26.aarch64 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 | PIGSTY 3.0.13 |
Source
pig build pkg pg_anon; # build rpm/debInstall
Make sure PGDG and PIGSTY repo available:
pig repo add pgsql -u # add both repo and update cacheInstall this extension with pig:
pig install pg_anon; # install via package name, for the active PG version
pig install anon; # install by extension name, for the current active PG version
pig install anon -v 18; # install for PG 18
pig install anon -v 17; # install for PG 17
pig install anon -v 16; # install for PG 16
pig install anon -v 15; # install for PG 15
pig install anon -v 14; # install for PG 14Config this extension to shared_preload_libraries:
shared_preload_libraries = 'anon';Create this extension with:
CREATE EXTENSION anon;Usage
Sources: overview, static masking, dynamic masking, anonymous dumps, masking functions, release 3.0.13
anon applies declarative masking rules with SECURITY LABEL FOR anon. The official docs describe six masking methods: anonymous dumps, static masking, dynamic masking, replica masking, masking views, and masking data wrappers.
Initialize and Declare Rules
CREATE EXTENSION IF NOT EXISTS anon CASCADE;
SELECT anon.init();
SECURITY LABEL FOR anon ON COLUMN customer.full_name
IS 'MASKED WITH FUNCTION anon.dummy_name()';
SECURITY LABEL FOR anon ON COLUMN customer.employer
IS 'MASKED WITH FUNCTION anon.dummy_company_name()';
SECURITY LABEL FOR anon ON COLUMN customer.phone
IS 'MASKED WITH FUNCTION anon.partial(phone, 2, $$******$$, 2)';Static Masking
Static masking rewrites the stored data in place:
SELECT anon.anonymize_database();
-- See also: anon.anonymize_table(), anon.anonymize_column()
-- For larger databases: anon.anonymize_database_parallel(worker_count)The static-masking docs also cover shuffling, noise injection, and parallel masking for larger datasets. Parallel static masking is bounded by anon.max_bg_workers and the server’s max_worker_processes.
Dynamic Masking
Dynamic masking hides values only from roles labeled as masked:
ALTER DATABASE demo SET session_preload_libraries = 'anon';
ALTER DATABASE demo SET anon.transparent_dynamic_masking TO true;
CREATE ROLE skynet LOGIN;
SECURITY LABEL FOR anon ON ROLE skynet IS 'MASKED';
GRANT pg_read_all_data TO skynet;
SECURITY LABEL FOR anon ON COLUMN people.lastname
IS 'MASKED WITH FUNCTION anon.dummy_last_name()';When skynet queries the table, masked values are returned instead of the originals.
Anonymous Dumps and Pseudonymization
The current docs recommend transparent anonymous dumps through a masked role and pg_dump. Older helpers pg_dump_anon.sh and pg_dump_anon are explicitly marked deprecated.
For PostgreSQL 17 and later, the dump example uses --exclude-extension="anon" with --no-security-labels; older pg_dump versions need another extension-selection approach such as --extension plpgsql.
For stable key remapping in dumps, the docs call out:
anon.pseudo_shift(bigint)anon.pseudo_xor(bigint)anon.set_shift()
Common Functions and Caveats
Common masking helpers in the function catalog include:
anon.dummy_first_name()anon.dummy_last_name()anon.dummy_company_name()anon.random_zip()anon.random_date_between(date, date)anon.partial(value, prefix, mask, suffix)
Caveats from the official docs:
- dynamic masking needs preload/configuration before masked-role sessions use it
- static masking destroys the original values
- pseudonymization is not anonymization