"Scrub" Sensitive Data from your Files before sending them to Datical Support
Providing your log files, project files, changelogs, and html reports can help Datical Support diagnose and resolve an issue more quickly. However, some of your Datical files may contain sensitive information.
For Datical DB versions 5.9 and higher, you can use the hammer debug export
command to "scrub" sensitive information such as hosts, ports, and credentials from your files before sending them to Datical Support. The hammer debug export
command will create a new zip file in your <ProjectName>/Reports/debug directory that contains the files you specify to include. The files in the zip will have the actual values for hosts, ports, and credentials replaced with more generic strings (tokens). This is to avoid emailing files that contain the actual values which may be sensitive information.
The hammer debug export
command provides a simple way to archive the needed files into a zip file that you then send to Datical Support:
- You can specify which files to include in the zip.
- The command must be run from the command line (not from the Datical desktop client/GUI)
- The "scrubber" will only handle files that are located somewhere within your <ProjectName> directory structure for that project. If there are relevant files located outside of the project's directory structure (for example the daticaldb.log file for operations performed in the Datical desktop client/Eclipse GUI), you can copy that log into the project directory structure prior to running the hammer debug export command.
- You can add a new step near the end of your automation jobs so that the
hammer debug export
command creates the zip of "scrubbed" files automatically for each job.
Command: hammer debug export
The command creates a zip file of files in a project directory to send to Datical Support or for your teams to see more details about a particular operation.
Options provide control over what files are included in the zip. The files are "scrubbed" to remove certain sensitive data by default.
Project Directory
The project directory is the source of all files needed.
Important
Run the command in the root of the project directory.
Output Location
By default the command zips the files and places the zip archive file in the project directory:
<project>/Reports/debug/<project>.zip
Use the --report option to specify a different file name and location.
Hiding Sensitive Information
By default, the hammer debug export
command ensures that sensitive information is redacted. Values are replaced with tokens. Each token uniquely replaces a particular item of information.
The following information is redacted by default:
- hostname or IP address
- port
- database names
- Oracle: service name, TNS name, SID
- Other database: database name
- user names
- passwords
Use the --scrub=false
option if you do not want to have these values replaced with tokens.
Including and Excluding Files
Include (–include) or exclude (–exclude) files. The value for either option is a search string. All files with names and/or extensions that match the string search are included.
All files must be in the project file hierarchy. If you want to add a file from outside the project, copy it to the file hierarchy. Place it in the root <project-name> directory.
Including Files by Last Modified Date
You can include only files modified within a specified number of hours.
Use the --lastmodified option to specify a number of hours. All files are included that have a last modified date within the number of hours measured from the time the command is run.
Including Non-Project Files
If Datical Support asks you to include files that are not already part of the Datical project directory, you must place them in the project directory.
For example, if you use automation software like Jenkins to run packager or deploys, Datical Support may ask you for the packager.log or daticaldb.log from the automation job. You must copy them into the project directory before running the hammer debug export command.
Common Use Case Scenarios
Datical has found patterns in customer needs, customer security policies, and requirements for files to fully diagnose a problem. Here are four example scenarios.
- Minimum for Problem Diagnosis - provide the minimum number of files to start diagnosis.
- Default - provide all data in the project directory
- Exclude All SQL Files - provide all files except SQL files. Security policy may determine whether you are allowed to share SQL files outside of your company.
- Exclude DML Files - provide all files except DML files. Security policy may determine whether you are allowed to share DML files. DML files may contain sensitive information about people and accounts.
Scenarios
Minimum for Problem Diagnosis
Scrub and provide the minimum information required for Datical Support to start diagnosing a problem.
- datical.project - definition of the project
- changelog.xml - all changesets (changes applied to the database)
- daticaldb.log - main Datical DB log
- packager.log - log from running the Deployment Packager, which refactors SQL files into changesets and deploys them to the REF database
Example of Minimum
hammer debug export --include=datical.project,changelog.xml,daticaldb*.log,packager.log
Default
Include and scrub all files in the project directory.
Example of Default
hammer debug export
Exclude DML
Scrub and include files in the project directory except DML files and generated SQL in the html reports.
Example of Excluding DML
hammer debug export --exclude=*.html,Resources/sql,Resources/sql_scripts