Skip to main content

Technique 1: Deletion

The simplest and most effective way to protect sensitive data is to delete it. This is the best pattern for high-risk data that has little to no analytics value, such as a full credit card number.

The Goal

You will use the .without() function to remove the full_number and expiry fields from the payment_method object, as required for PCI-DSS compliance.

Implementation

  1. Start with the Foundation: Copy the remove-pii-foundation.yaml to a new file named delete-payment.yaml.

    cp examples/data-security/remove-pii-foundation.yaml delete-payment.yaml

  2. Add the Deletion Logic: Open delete-payment.yaml and add a mapping processor to the pipeline section.

    Add this to the 'processors' array in delete-payment.yaml
    - mapping: |
        root = this
        # The .without() function removes fields from an object.
        # Here, we replace the existing payment_method object with a new one
        # that doesn't have the sensitive fields.
        root.payment_method = this.payment_method.without(
          "full_number",
          "expiry"
        )

  3. Deploy and Test:

    # Send the sample event data from the setup step
    curl -X POST http://localhost:8080/events/ingest \
      -H "Content-Type: application/json" \
      -d @~/expanso-remove-pii/sample-event.json

  4. Verify: Check your logs. The payment_method object in the output will no longer contain the full_number or expiry fields.

You have successfully applied the deletion pattern. In the next steps, you will learn other PII removal techniques for data that has more analytics value.