API Reference

API Reference#

This page documents the public API of Django PostgreSQL Anonymizer.

Context Managers#

django_postgres_anon.context_managers.anonymized_data(role_name: str | None = None, auto_create: bool = True) Generator[None, None, None][source]#

Context manager for temporarily switching to an anonymized database role.

This allows queries within the context to see anonymized data instead of real data, assuming the PostgreSQL Anonymizer extension is properly configured with masking rules.

Parameters:

  • role_name – Name of the masked role to use. Defaults to ‘masked_reader’.

  • auto_create – Whether to automatically create the role if it doesn’t exist.

Example

>>> with anonymized_data():
...     users = User.objects.all()  # Returns anonymized user data

>>> with anonymized_data('custom_masked_role'):
...     sensitive_data = SensitiveModel.objects.all()
Raises:

  • RuntimeError – If the role doesn’t exist and auto_create is False

  • Exception – If role switching fails

Decorators#

django_postgres_anon.decorators.use_anonymized_data(role_name: str | None = None, auto_create: bool = True)[source]#

Decorator for automatically using anonymized data in views/functions.

This decorator wraps the function execution in the anonymized_data context manager, ensuring all database queries within the function see anonymized data.

Parameters:

  • role_name – Name of the masked role to use. Defaults to ‘masked_reader’.

  • auto_create – Whether to automatically create the role if it doesn’t exist.

Example

>>> @use_anonymized_data
>>> def sensitive_report(request):
...     users = User.objects.all()  # Returns anonymized user data
...     return render(request, 'report.html', {'users': users})

>>> @use_anonymized_data('custom_masked_role')
>>> def api_endpoint(request):
...     return JsonResponse({'users': list(User.objects.values())})

>>> # Class-based view example
>>> class SensitiveDataView(View):
...     @method_decorator(use_anonymized_data)
...     def get(self, request):
...         data = SensitiveModel.objects.all()
...         return JsonResponse({'data': list(data.values())})

Note

  • Works with function-based views, class-based views, and regular functions

  • Automatically handles role switching and cleanup

  • Preserves function signatures and return values

  • Can be used with Django’s method_decorator for class-based views

Mixins#

class django_postgres_anon.mixins.AnonymizedDataMixin[source]#

Mixin for class-based views to automatically use anonymized data.

This mixin ensures all database operations within the view use anonymized data by wrapping the dispatch method.

Example

>>> class SensitiveReportView(AnonymizedDataMixin, ListView):
...     model = User
...     template_name = 'sensitive_report.html'
...     anonymized_role = 'custom_masked_role'  # Optional

>>> class APIView(AnonymizedDataMixin, View):
...     def get(self, request):
...         users = User.objects.all()  # Automatically anonymized
...         return JsonResponse({'users': list(users.values())})
anonymized_role: str | None = None#
auto_create_role: bool = True#
dispatch(request, *args, **kwargs)[source]#

Override dispatch to use anonymized data context

Models#

MaskingRule#

Defines anonymization rules for database columns.

Fields:

  • table_name - Database table name

  • column_name - Column to anonymize

  • function_expr - PostgreSQL Anonymizer function (e.g., anon.fake_email())

  • enabled - Whether rule is active

MaskingPreset#

Pre-configured sets of anonymization rules.

Fields:

  • name - Preset identifier

  • description - Human-readable description

  • preset_type - Category (healthcare, finance, etc.)

MaskedRole#

PostgreSQL roles with anonymized data access.

Fields:

  • role_name - PostgreSQL role name

  • created_at - Creation timestamp

MaskingLog#

Audit trail for anonymization operations.

Fields:

  • operation - Operation type (apply_rule, role_switch, etc.)

  • user - User who performed operation

  • timestamp - When operation occurred

  • success - Whether operation succeeded

  • error_message - Error details if failed

  • details - Additional metadata (JSON)

  • duration - Operation duration

Configuration#

get_anon_setting#

Get a configuration setting value with environment variable support.

from django_postgres_anon.config import get_anon_setting

# Get individual settings
enabled = get_anon_setting('ENABLED')
masked_groups = get_anon_setting('MASKED_GROUPS')
validate = get_anon_setting('VALIDATE_FUNCTIONS')

Available settings: ENABLED, MASKED_GROUPS, DEFAULT_MASKED_ROLE, ANONYMIZED_DATA_ROLE, VALIDATE_FUNCTIONS, ALLOW_CUSTOM_FUNCTIONS, ENABLE_LOGGING

See Settings Reference for details.

Utility Functions#

validate_anon_extension#

Check if PostgreSQL Anonymizer extension is installed and available.

from django_postgres_anon.utils import validate_anon_extension

if validate_anon_extension():
    print('Extension is installed')
else:
    print('Extension not available')

Returns True if extension is installed, False otherwise.

Commonly used in health checks and validation scripts.

Management Commands#

anon_init#

Initialize PostgreSQL anonymizer extension.

python manage.py anon_init

Performs initial setup:

  • Creates the anon extension in PostgreSQL

  • Initializes anonymization system

  • Sets up required database objects

Run this once after installation before using any other commands.

anon_apply#

Apply masking rules to the database.

python manage.py anon_apply [--dry-run]

Options:

  • --dry-run - Preview changes without applying them

Creates masking labels based on your MaskingRule configurations.

anon_status#

Show anonymizer status and configuration.

python manage.py anon_status

Displays:

  • Extension installation status

  • Active masking rules

  • Database role configurations

  • Current anonymization state

anon_validate#

Validate anonymization rules and database setup.

python manage.py anon_validate

Checks:

  • PostgreSQL Anonymizer extension is installed

  • All masking functions are valid

  • No SQL injection patterns in rules

  • Database permissions are correct

anon_dump#

Create anonymized database dump.

python manage.py anon_dump <output_file> [--format=custom]

Options:

  • output_file - Path to dump file (required)

  • --format - Dump format: custom, plain, directory, tar (default: custom)

Creates a PostgreSQL dump with anonymized data using pg_dump with anonymizer.

anon_drop#

Remove anonymization from database.

python manage.py anon_drop [--keep-extension]

Options:

  • --keep-extension - Remove masking rules but keep the extension installed

Warning: This removes all masking labels and anonymization configuration.

anon_load_yaml#

Load anonymization rules from YAML presets.

python manage.py anon_load_yaml <preset> [--overwrite] [--dry-run]

Options:

  • preset - Preset name or path to YAML file

  • --overwrite - Replace existing rules

  • --dry-run - Preview what would be loaded

Built-in presets: django_auth, ecommerce, healthcare, finance, social_media, education

anon_fix_permissions#

Fix permissions for existing anonymized roles.

python manage.py anon_fix_permissions

Repairs database role permissions if they become misconfigured.

See Also#

Contents