PostgreSQL Anonymizer 1.1: Privacy By Default For Postgres

Posted on 2022-09-29 by Dalibo
Related Open Source

Tour, France, September 28th, 2022

PostgreSQL Anonymizer is an extension that hides or replaces personally identifiable information (PII) or commercially sensitive data from a PostgreSQL database.

The extension supports 3 different anonymization strategies: Dynamic Masking, Static Masking and Anonymous Dumps. It also offers a large choice of Masking Functions such as Substitution, Randomization, Faking, Pseudonymization, Partial Scrambling, Shuffling, Noise Addition and Generalization.

Privacy By Default

The GDPR regulation (and other privacy laws) introduces the concept of data protection by default. In a nutshell, it means that by default, organisations should ensure that data is processed with the highest privacy protection so that by default personal data isn’t made accessible to an indefinite number of persons.

By applying this principle to anonymization, we end up with the idea of privacy by default which basically means that all columns of all tables should be masked by default, without having to declare a masking rule for each of them.

To enable this feature, simply set the option anon.privacy_by_default to on.

ALTER DATABASE foo SET anon.privacy_by_default = True;

Now all the columns of the foo database will be anonymized with the default value of the column (if defined) or with NULL.

Caveat: If you have columns declared as NOT NULL, you will have to define a default value, otherwise you will end up with a constraint violation when you will anonymize the database.

For more details about this feature, please follow the link below:

Consistent Anonymous Dumps

Before version 1.0, pg_dump_anon was a bash script. This script was nice and simple. However under certain conditions the anonymous backups were not consistent.

There's now a brand new version of pg_dump_anon (rewitten in Golang) that will always produce consistent exports.

The previous script is now renamed to and it is still available for backwards compatibility. But it will be deprecated in version 2.0.

How to Install

This extension is officially supported on PostgreSQL 9.6 and further versions.

On Red Hat, CentOS and Rocky Linux systems, you can install it directly from the official PostgreSQL RPM repository:

dnf install postgresql_anonymizer14

Then load the extension with:

ALTER DATABASE foo SET session_preload_libraries = 'anon';

Create the extension inside the database:


And finally, initialize the extension

SELECT anon.init();

For other systems, check out the install documentation:


This release includes code, bugfixes, documentation, code reviews and ideas from Michel Pelletier, Gergő Rubint, Mahesh Moturu, Greg pringle, Christophe Courtois and any other contributors.

Many thanks to them for their help and feedback.

How to contribute

PostgreSQL Anonymizer is part of the Dalibo Labs initiative. It is mainly developed by Damien Clochard.

This is an open project, contributions are welcome. We need your feedback and ideas! Let us know what you think of this tool, how it fits your needs and what features are missing.

If you want to help, you can find a list of Junior Jobs here: