anon – PGEXT.CLOUD

anon

pg_anon : PostgreSQL Anonymizer (anon) extension

Overview

ID	Extension	Package	Version	Category	License	Language
7050	anon	pg_anon	`3.0.1`	SEC	PostgreSQL	Rust

Attribute	Has Binary	Has Library	Need Load	Has DDL	Relocatable	Trusted
--sLd--	No	Yes	Yes	Yes	no	no

Relationships
Schemas	`anon`
See Also	faker pgsodium pgcrypto pgaudit set_user pg_tde

Packages

Type	Repo	Version	PG Major Compatibility	Package Pattern	Dependencies
EXT	PIGSTY	`3.0.1`	18 17 16 15 14	`pg_anon`	-
RPM	PIGSTY	`3.0.1`	18 17 16 15 14	`pg_anon_$v`	-
DEB	PIGSTY	`3.0.1`	18 17 16 15 14	`postgresql-$v-pg-anon`	-

Linux / PG	PG18	PG17	PG16	PG15	PG14
el8.x86_64	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1
el8.aarch64	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1
el9.x86_64	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1
el9.aarch64	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1
el10.x86_64	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1
el10.aarch64	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1
d12.x86_64	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1
d12.aarch64	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1
d13.x86_64	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1
d13.aarch64	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1
u22.x86_64	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1
u22.aarch64	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1
u24.x86_64	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1
u24.aarch64	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1	PIGSTY 3.0.1

Package	Version	OS	ORG	SIZE	File URL
`pg_anon_18`	`3.0.1`	el8.x86_64	pigsty	2.9 MiB	pg_anon_18-3.0.1-1PIGSTY.el8.x86_64.rpm
`pg_anon_18`	`3.0.1`	el8.aarch64	pigsty	2.6 MiB	pg_anon_18-3.0.1-1PIGSTY.el8.aarch64.rpm
`pg_anon_18`	`3.0.1`	el9.x86_64	pigsty	2.9 MiB	pg_anon_18-3.0.1-1PIGSTY.el9.x86_64.rpm
`pg_anon_18`	`3.0.1`	el9.aarch64	pigsty	2.7 MiB	pg_anon_18-3.0.1-1PIGSTY.el9.aarch64.rpm
`pg_anon_18`	`3.0.1`	el10.x86_64	pigsty	2.9 MiB	pg_anon_18-3.0.1-1PIGSTY.el10.x86_64.rpm
`pg_anon_18`	`3.0.1`	el10.aarch64	pigsty	2.7 MiB	pg_anon_18-3.0.1-1PIGSTY.el10.aarch64.rpm
`postgresql-18-pg-anon`	`3.0.1`	d12.x86_64	pigsty	2.6 MiB	postgresql-18-pg-anon_3.0.1-1PIGSTY~bookworm_amd64.deb
`postgresql-18-pg-anon`	`3.0.1`	d12.aarch64	pigsty	2.2 MiB	postgresql-18-pg-anon_3.0.1-1PIGSTY~bookworm_arm64.deb
`postgresql-18-pg-anon`	`3.0.1`	d13.x86_64	pigsty	2.6 MiB	postgresql-18-pg-anon_3.0.1-1PIGSTY~trixie_amd64.deb
`postgresql-18-pg-anon`	`3.0.1`	d13.aarch64	pigsty	2.2 MiB	postgresql-18-pg-anon_3.0.1-1PIGSTY~trixie_arm64.deb
`postgresql-18-pg-anon`	`3.0.1`	u22.x86_64	pigsty	2.9 MiB	postgresql-18-pg-anon_3.0.1-1PIGSTY~jammy_amd64.deb
`postgresql-18-pg-anon`	`3.0.1`	u22.aarch64	pigsty	2.7 MiB	postgresql-18-pg-anon_3.0.1-1PIGSTY~jammy_arm64.deb
`postgresql-18-pg-anon`	`3.0.1`	u24.x86_64	pigsty	2.9 MiB	postgresql-18-pg-anon_3.0.1-1PIGSTY~noble_amd64.deb
`postgresql-18-pg-anon`	`3.0.1`	u24.aarch64	pigsty	2.6 MiB	postgresql-18-pg-anon_3.0.1-1PIGSTY~noble_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`pg_anon_17`	`3.0.1`	el8.x86_64	pigsty	2.9 MiB	pg_anon_17-3.0.1-1PIGSTY.el8.x86_64.rpm
`pg_anon_17`	`3.0.1`	el8.aarch64	pigsty	2.6 MiB	pg_anon_17-3.0.1-1PIGSTY.el8.aarch64.rpm
`pg_anon_17`	`3.0.1`	el9.x86_64	pigsty	2.9 MiB	pg_anon_17-3.0.1-1PIGSTY.el9.x86_64.rpm
`pg_anon_17`	`3.0.1`	el9.aarch64	pigsty	2.7 MiB	pg_anon_17-3.0.1-1PIGSTY.el9.aarch64.rpm
`pg_anon_17`	`3.0.1`	el10.x86_64	pigsty	2.9 MiB	pg_anon_17-3.0.1-1PIGSTY.el10.x86_64.rpm
`pg_anon_17`	`3.0.1`	el10.aarch64	pigsty	2.7 MiB	pg_anon_17-3.0.1-1PIGSTY.el10.aarch64.rpm
`postgresql-17-pg-anon`	`3.0.1`	d12.x86_64	pigsty	2.6 MiB	postgresql-17-pg-anon_3.0.1-1PIGSTY~bookworm_amd64.deb
`postgresql-17-pg-anon`	`3.0.1`	d12.aarch64	pigsty	2.2 MiB	postgresql-17-pg-anon_3.0.1-1PIGSTY~bookworm_arm64.deb
`postgresql-17-pg-anon`	`3.0.1`	d13.x86_64	pigsty	2.6 MiB	postgresql-17-pg-anon_3.0.1-1PIGSTY~trixie_amd64.deb
`postgresql-17-pg-anon`	`3.0.1`	d13.aarch64	pigsty	2.2 MiB	postgresql-17-pg-anon_3.0.1-1PIGSTY~trixie_arm64.deb
`postgresql-17-pg-anon`	`3.0.1`	u22.x86_64	pigsty	2.9 MiB	postgresql-17-pg-anon_3.0.1-1PIGSTY~jammy_amd64.deb
`postgresql-17-pg-anon`	`3.0.1`	u22.aarch64	pigsty	2.7 MiB	postgresql-17-pg-anon_3.0.1-1PIGSTY~jammy_arm64.deb
`postgresql-17-pg-anon`	`3.0.1`	u24.x86_64	pigsty	2.9 MiB	postgresql-17-pg-anon_3.0.1-1PIGSTY~noble_amd64.deb
`postgresql-17-pg-anon`	`3.0.1`	u24.aarch64	pigsty	2.6 MiB	postgresql-17-pg-anon_3.0.1-1PIGSTY~noble_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`pg_anon_16`	`3.0.1`	el8.x86_64	pigsty	2.9 MiB	pg_anon_16-3.0.1-1PIGSTY.el8.x86_64.rpm
`pg_anon_16`	`3.0.1`	el8.aarch64	pigsty	2.6 MiB	pg_anon_16-3.0.1-1PIGSTY.el8.aarch64.rpm
`pg_anon_16`	`3.0.1`	el9.x86_64	pigsty	2.9 MiB	pg_anon_16-3.0.1-1PIGSTY.el9.x86_64.rpm
`pg_anon_16`	`3.0.1`	el9.aarch64	pigsty	2.7 MiB	pg_anon_16-3.0.1-1PIGSTY.el9.aarch64.rpm
`pg_anon_16`	`3.0.1`	el10.x86_64	pigsty	2.9 MiB	pg_anon_16-3.0.1-1PIGSTY.el10.x86_64.rpm
`pg_anon_16`	`3.0.1`	el10.aarch64	pigsty	2.7 MiB	pg_anon_16-3.0.1-1PIGSTY.el10.aarch64.rpm
`postgresql-16-pg-anon`	`3.0.1`	d12.x86_64	pigsty	2.6 MiB	postgresql-16-pg-anon_3.0.1-1PIGSTY~bookworm_amd64.deb
`postgresql-16-pg-anon`	`3.0.1`	d12.aarch64	pigsty	2.2 MiB	postgresql-16-pg-anon_3.0.1-1PIGSTY~bookworm_arm64.deb
`postgresql-16-pg-anon`	`3.0.1`	d13.x86_64	pigsty	2.6 MiB	postgresql-16-pg-anon_3.0.1-1PIGSTY~trixie_amd64.deb
`postgresql-16-pg-anon`	`3.0.1`	d13.aarch64	pigsty	2.2 MiB	postgresql-16-pg-anon_3.0.1-1PIGSTY~trixie_arm64.deb
`postgresql-16-pg-anon`	`3.0.1`	u22.x86_64	pigsty	2.9 MiB	postgresql-16-pg-anon_3.0.1-1PIGSTY~jammy_amd64.deb
`postgresql-16-pg-anon`	`3.0.1`	u22.aarch64	pigsty	2.7 MiB	postgresql-16-pg-anon_3.0.1-1PIGSTY~jammy_arm64.deb
`postgresql-16-pg-anon`	`3.0.1`	u24.x86_64	pigsty	2.9 MiB	postgresql-16-pg-anon_3.0.1-1PIGSTY~noble_amd64.deb
`postgresql-16-pg-anon`	`3.0.1`	u24.aarch64	pigsty	2.6 MiB	postgresql-16-pg-anon_3.0.1-1PIGSTY~noble_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`pg_anon_15`	`3.0.1`	el8.x86_64	pigsty	2.9 MiB	pg_anon_15-3.0.1-1PIGSTY.el8.x86_64.rpm
`pg_anon_15`	`3.0.1`	el8.aarch64	pigsty	2.6 MiB	pg_anon_15-3.0.1-1PIGSTY.el8.aarch64.rpm
`pg_anon_15`	`3.0.1`	el9.x86_64	pigsty	3.0 MiB	pg_anon_15-3.0.1-1PIGSTY.el9.x86_64.rpm
`pg_anon_15`	`3.0.1`	el9.aarch64	pigsty	2.7 MiB	pg_anon_15-3.0.1-1PIGSTY.el9.aarch64.rpm
`pg_anon_15`	`3.0.1`	el10.x86_64	pigsty	2.9 MiB	pg_anon_15-3.0.1-1PIGSTY.el10.x86_64.rpm
`pg_anon_15`	`3.0.1`	el10.aarch64	pigsty	2.7 MiB	pg_anon_15-3.0.1-1PIGSTY.el10.aarch64.rpm
`postgresql-15-pg-anon`	`3.0.1`	d12.x86_64	pigsty	2.6 MiB	postgresql-15-pg-anon_3.0.1-1PIGSTY~bookworm_amd64.deb
`postgresql-15-pg-anon`	`3.0.1`	d12.aarch64	pigsty	2.2 MiB	postgresql-15-pg-anon_3.0.1-1PIGSTY~bookworm_arm64.deb
`postgresql-15-pg-anon`	`3.0.1`	d13.x86_64	pigsty	2.6 MiB	postgresql-15-pg-anon_3.0.1-1PIGSTY~trixie_amd64.deb
`postgresql-15-pg-anon`	`3.0.1`	d13.aarch64	pigsty	2.2 MiB	postgresql-15-pg-anon_3.0.1-1PIGSTY~trixie_arm64.deb
`postgresql-15-pg-anon`	`3.0.1`	u22.x86_64	pigsty	2.9 MiB	postgresql-15-pg-anon_3.0.1-1PIGSTY~jammy_amd64.deb
`postgresql-15-pg-anon`	`3.0.1`	u22.aarch64	pigsty	2.7 MiB	postgresql-15-pg-anon_3.0.1-1PIGSTY~jammy_arm64.deb
`postgresql-15-pg-anon`	`3.0.1`	u24.x86_64	pigsty	2.9 MiB	postgresql-15-pg-anon_3.0.1-1PIGSTY~noble_amd64.deb
`postgresql-15-pg-anon`	`3.0.1`	u24.aarch64	pigsty	2.6 MiB	postgresql-15-pg-anon_3.0.1-1PIGSTY~noble_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`pg_anon_14`	`3.0.1`	el8.x86_64	pigsty	2.9 MiB	pg_anon_14-3.0.1-1PIGSTY.el8.x86_64.rpm
`pg_anon_14`	`3.0.1`	el8.aarch64	pigsty	2.6 MiB	pg_anon_14-3.0.1-1PIGSTY.el8.aarch64.rpm
`pg_anon_14`	`3.0.1`	el9.x86_64	pigsty	2.9 MiB	pg_anon_14-3.0.1-1PIGSTY.el9.x86_64.rpm
`pg_anon_14`	`3.0.1`	el9.aarch64	pigsty	2.7 MiB	pg_anon_14-3.0.1-1PIGSTY.el9.aarch64.rpm
`pg_anon_14`	`3.0.1`	el10.x86_64	pigsty	2.9 MiB	pg_anon_14-3.0.1-1PIGSTY.el10.x86_64.rpm
`pg_anon_14`	`3.0.1`	el10.aarch64	pigsty	2.7 MiB	pg_anon_14-3.0.1-1PIGSTY.el10.aarch64.rpm
`postgresql-14-pg-anon`	`3.0.1`	d12.x86_64	pigsty	2.6 MiB	postgresql-14-pg-anon_3.0.1-1PIGSTY~bookworm_amd64.deb
`postgresql-14-pg-anon`	`3.0.1`	d12.aarch64	pigsty	2.2 MiB	postgresql-14-pg-anon_3.0.1-1PIGSTY~bookworm_arm64.deb
`postgresql-14-pg-anon`	`3.0.1`	d13.x86_64	pigsty	2.6 MiB	postgresql-14-pg-anon_3.0.1-1PIGSTY~trixie_amd64.deb
`postgresql-14-pg-anon`	`3.0.1`	d13.aarch64	pigsty	2.2 MiB	postgresql-14-pg-anon_3.0.1-1PIGSTY~trixie_arm64.deb
`postgresql-14-pg-anon`	`3.0.1`	u22.x86_64	pigsty	2.9 MiB	postgresql-14-pg-anon_3.0.1-1PIGSTY~jammy_amd64.deb
`postgresql-14-pg-anon`	`3.0.1`	u22.aarch64	pigsty	2.6 MiB	postgresql-14-pg-anon_3.0.1-1PIGSTY~jammy_arm64.deb
`postgresql-14-pg-anon`	`3.0.1`	u24.x86_64	pigsty	2.9 MiB	postgresql-14-pg-anon_3.0.1-1PIGSTY~noble_amd64.deb
`postgresql-14-pg-anon`	`3.0.1`	u24.aarch64	pigsty	2.6 MiB	postgresql-14-pg-anon_3.0.1-1PIGSTY~noble_arm64.deb

Source

Repository

gitlab.com/dalibo/postgresql_anonymizer/

Source Tarball

pg_anon-3.0.1.tar.gz

pig build pkg pg_anon;		# build rpm/deb

Install

Make sure PGDG and PIGSTY repo available:

pig repo add pgsql -u   # add both repo and update cache

Install this extension with pig:

pig install pg_anon;		# install via package name, for the active PG version
pig install anon;		# install by extension name, for the current active PG version

pig install anon -v 18;   # install for PG 18
pig install anon -v 17;   # install for PG 17
pig install anon -v 16;   # install for PG 16
pig install anon -v 15;   # install for PG 15
pig install anon -v 14;   # install for PG 14

Config this extension to shared_preload_libraries:

shared_preload_libraries = 'anon';

Create this extension with:

CREATE EXTENSION anon;

Usage

anon: Anonymization & Data Masking for PostgreSQL

postgresql_anonymizer (extension name: anon) masks or replaces personally identifiable information (PII) using a declarative approach. Masking rules are defined directly in the database schema using security labels.

CREATE EXTENSION IF NOT EXISTS anon CASCADE;
SELECT anon.init();

Declaring Masking Rules

SECURITY LABEL FOR anon ON COLUMN player.name
  IS 'MASKED WITH FUNCTION anon.fake_last_name()';

SECURITY LABEL FOR anon ON COLUMN player.id
  IS 'MASKED WITH VALUE NULL';

Static Masking

Permanently replace PII in the database:

SECURITY LABEL FOR anon ON COLUMN customer.full_name
  IS 'MASKED WITH FUNCTION anon.fake_first_name() || '' '' || anon.fake_last_name()';

SECURITY LABEL FOR anon ON COLUMN customer.birth
  IS 'MASKED WITH FUNCTION anon.random_date_between(''1920-01-01''::DATE, now())';

SELECT anon.anonymize_database();
-- Also available: anon.anonymize_table(), anon.anonymize_column()

Dynamic Masking

Hide PII from specific roles while others see original data:

SELECT anon.start_dynamic_masking();

CREATE ROLE skynet LOGIN;
SECURITY LABEL FOR anon ON ROLE skynet IS 'MASKED';

SECURITY LABEL FOR anon ON COLUMN people.lastname
  IS 'MASKED WITH FUNCTION anon.fake_last_name()';

SECURITY LABEL FOR anon ON COLUMN people.phone
  IS 'MASKED WITH FUNCTION anon.partial(phone, 2, $$******$$, 2)';

When skynet queries the table, masked data is returned automatically.

Anonymous Dumps

pg_dump_anon.sh -h localhost -p 5432 -U bob bob_db > dump.sql

Common Masking Functions

Function	Description
`anon.fake_first_name()`	Random first name
`anon.fake_last_name()`	Random last name
`anon.fake_company()`	Random company name
`anon.random_date_between(d1, d2)`	Random date in range
`anon.random_zip()`	Random zip code
`anon.partial(value, prefix, padding, suffix)`	Partial scrambling
`anon.random_string(n)`	Random string of length n
`anon.random_int_between(i1, i2)`	Random integer in range

Last updated on 2026-03-12

pg_session_jwt pgsmcrypto