Skip to content

apiaddicts/tyk-anonymization-plugin

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 

Repository files navigation

Tyk Anonymization Plugin

Version Go Tyk

Middleware plugin for Tyk Gateway written in Go. Intercepts API responses and anonymizes sensitive data in real time, based on rules defined directly in the OpenAPI (Swagger) specification.

Installation

Compile the plugin as a shared object (.so) compatible with your Tyk Gateway instance.

📊 Compatibility Matrix

Requires Tyk Gateway v5.2.0 or higher (minimum version with native OAS context injection).

Tyk Version Support Level Technical Note
v5.2.x - v5.8.x Official Support Full Native OAS Integration
v5.1.x and below Not Supported Missing ctx.GetOASDefinition / Legacy Toolchain

🛠️ Minimum Requirements

  • Tyk Gateway: v5.2.0+
  • Build Environment: Go 1.21+ (only if building manually)

📦 Binary Availability

  • Direct Download (Recommended): Pre-compiled bundle for v5.8.0 available from GitLab CI/CD artifacts.
  • Other Versions: Build manually for any supported version (v5.2+) using the instructions below.

Option 2: Manual Build (Only if you need a specific version)

  1. Update the image tag in plugin_oas/build.sh.
  2. Run:
./plugin_oas/build.sh

This generates plugin.so and bundle.zip locally.

Usage

Anonymization is configured directly in your OpenAPI file (.json or .yaml) using x-anonymization extensions.

1. Define Rules in OpenAPI

Add the x-anonymization extension to schema properties:

properties:
  email:
    type: string
    x-anonymization: "mask"
  id:
    type: string
    x-anonymization: "pseudonymize"
  name:
    type: string
    x-anonymization: "swap:my-names-list"

2. Fallback Behavior (Asterisks)

If a technique requiring external configuration (swap or pseudonymize) is requested but not provided, the plugin returns a string of asterisks (********) to ensure data safety.

3. Operation Modes

Controlled via the X-Anonymize-Mode header:

Mode Header Value Best For
Memory (default) (absent) Complex nested objects
Streaming stream Very large responses

Environment Variables

Variable Description Default
ANONYMIZATION_KEY Global secret key for pseudonymize (if not defined in OAS). -
ANONYMIZATION_DATA_PATH Path to the dynamic configuration JSON file. plugin_config.json

Technical Procedures

Dynamic Configuration

Load custom lists for the swap method via a config file or by injecting them into the OpenAPI spec.

{
  "custom_swapping_lists": {
    "my-names-list": ["John", "Mary", "Peter"]
  }
}

Changelog

See CHANGELOG.md for version history.

About

No description, website, or topics provided.

Resources

Code of conduct

Contributing

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors