Pattern 3: Encrypting Location Data

This pattern demonstrates how to protect precise location information, like a street address, while preserving less sensitive geographic data (like a city or state) for regional analytics.

The Pattern

For any object containing a physical address:

  1. Encrypt the fields that provide precise location, such as street and the full zip code.
  2. Extract and Preserve fields that are useful for analytics but do not identify an individual, such as city, state, country, and the zip_prefix (the first 3 digits of a US zip code).
  3. Delete the original, plaintext sensitive fields.

Implementation

You can add this logic to the same mapping processor you've been building in the previous steps.

  1. Start with your Pipeline: Open the encrypt-pii.yaml file from Step 2.

  2. Add the Address Encryption Logic: Add the logic for the billing_address object to the bottom of the existing mapping processor.

    Add this to your 'mapping' processor
    # --- Logic from previous steps ---
    # (The existing logic for card numbers, ssn, and email remains here)

    # --- START: New additions for Address Data ---

    if this.exists("billing_address") {
      # 3. DELETE the original fields. This assignment replaces the whole
      #    billing_address object, so it must come first; the encrypted fields
      #    and zip_prefix are added to the cleaned object afterwards.
      root.billing_address = this.billing_address.without("street", "zip")

      # 1. ENCRYPT the sensitive fields
      root.billing_address.street_encrypted = this.billing_address.street.encrypt_aes("gcm", env("ADDRESS_ENCRYPTION_KEY"))
      root.billing_address.zip_encrypted = this.billing_address.zip.encrypt_aes("gcm", env("ADDRESS_ENCRYPTION_KEY"))

      # 2. PRESERVE the analytics-safe prefix (digits only, first three)
      let clean_zip = this.billing_address.zip.re_replace_all("[^0-9]", "")
      if clean_zip.length() >= 3 {
        root.billing_address.zip_prefix = clean_zip.slice(0, 3)
      }
    }
    # --- END: New additions for Address Data ---

    Note: This step uses a separate ADDRESS_ENCRYPTION_KEY. Ensure you have set it as an environment variable.

Verification

When you run data through the updated pipeline, the billing_address object will now be protected. The street and zip fields will be gone, replaced by their encrypted versions and the safe zip_prefix. City and state are preserved for your analytics needs. This same pattern can be applied to a shipping_address or any other location-based object.
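The same three steps (encrypt the precise fields, preserve the analytics-safe ones, drop the plaintext) written as a stand-alone Go program, added here as an illustration and not part of the page's pipeline or the tool's own code. It encrypts street and zip with AES-256-GCM under a fresh random nonce per field, keeps city, state, country and a three-digit zip_prefix, never copies the plaintext fields into the output, and includes a decrypt helper so the round trip can be checked the way the Verification section describes. The Address type, ProtectAddress, and the 32-byte demo key are assumptions made for the example; a real deployment would load the key from the ADDRESS_ENCRYPTION_KEY environment variable.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"strings"
	"unicode"
)

// Address is the plaintext billing_address object as it enters the pipeline.
// Field names mirror the page's billing_address fields (hypothetical type).
type Address struct {
	Street  string
	City    string
	State   string
	Country string
	Zip     string
}

// encryptGCM seals plaintext with AES-256-GCM. A random 12-byte nonce is
// generated per call and prepended to the ciphertext, so each encrypted
// field carries what is needed to decrypt it and nonces are never reused.
func encryptGCM(key, plaintext []byte) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, plaintext, nil)
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// decryptGCM reverses encryptGCM; it fails on a wrong key or tampered data
// because GCM authenticates the ciphertext.
func decryptGCM(key []byte, encoded string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	if len(raw) < gcm.NonceSize() {
		return "", errors.New("ciphertext too short")
	}
	nonce, ct := raw[:gcm.NonceSize()], raw[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// zipPrefix keeps only the digits of a zip value and returns the first three,
// or "" when fewer than three digits remain (the clean_zip.length() >= 3 guard).
func zipPrefix(zip string) string {
	var b strings.Builder
	for _, r := range zip {
		if unicode.IsDigit(r) {
			b.WriteRune(r)
		}
	}
	digits := b.String()
	if len(digits) < 3 {
		return ""
	}
	return digits[:3]
}

// ProtectAddress applies the pattern and returns the object that replaces
// billing_address in the output document. The plaintext street and zip are
// never copied into the result, which is the "delete" step.
func ProtectAddress(addr Address, key []byte) (map[string]string, error) {
	out := map[string]string{
		"city":    addr.City,
		"state":   addr.State,
		"country": addr.Country,
	}
	if p := zipPrefix(addr.Zip); p != "" {
		out["zip_prefix"] = p
	}
	enc, err := encryptGCM(key, []byte(addr.Street))
	if err != nil {
		return nil, err
	}
	out["street_encrypted"] = enc
	enc, err = encryptGCM(key, []byte(addr.Zip))
	if err != nil {
		return nil, err
	}
	out["zip_encrypted"] = enc
	return out, nil
}

func main() {
	// Constructed demo key (32 bytes = AES-256); use env("ADDRESS_ENCRYPTION_KEY") in a pipeline.
	key := []byte("0123456789abcdef0123456789abcdef")
	addr := Address{Street: "1 Example St", City: "Springfield", State: "IL", Country: "US", Zip: "62704-1234"}
	out, err := ProtectAddress(addr, key)
	if err != nil {
		panic(err)
	}
	for k, v := range out {
		fmt.Printf("%s: %s\n", k, v)
	}
}
```

The output map contains only city, state, country, zip_prefix and the two encrypted fields, matching what the Verification section says the pipeline should produce; decrypting an encrypted field with the wrong key returns an error rather than garbage, which is the property GCM adds over an unauthenticated mode.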