New features
  • 01 Jun 2023
  • Dark
  • PDF

New features

  • Dark
  • PDF

Article Summary


  • IBAN Discovery and Masking
    Supports automatically discovering and masking International Bank Account Numbers. 
  • New US Driver's License Classifier
    Supports automatically discovering and masking US Driver’s Licenses. 
  • Oracle Source Sizing
    Measures the size of connected Oracle databases. This information will be available via a new utilization PDF report, as well as through the GET /billing-usage API.
  • New Features for the Postgres Connector
    The connector will now provide more automated control of indexes, constraints, and triggers. This will automatically upgrade and allow you to choose these features.
  • User-controlled Automated Sensitive Data Discovery (ASDD) Set Upgrade
    With the 11.0 release, Delphix will begin shipping the standard ASDD discovery set independent of Continuous Compliance. You can use a new API endpoint to control when to adopt new ASDD discovery sets. This will allow you to upgrade to newer releases of the software without impacting existing workflows, as well as easily creating and distributing your own classifier sets. 


  • Password Vault support for PostgreSQL connections
    This release adds HashiCorp Vault and CyberArk support for storing and accessing secrets, keys, and certificates necessary for PostgreSQL operations.
  • More Automated Sensitive Data Discovery classifiers
    Classifiers improve our ability to automatically discover sensitive information and accurately recommend masking algorithms. This update adds classifiers for identifying Credit Cards, Addresses, Telephone numbers, US Passports, US SSNs, and Bank accounts. With ASDD Classifiers, organizations can easily mask new data sources for downstream teams to start working with compliant data quickly.
  • Classifiers user interface
    This update adds a new user interface for the Automated Sensitive Data Discovery classifiers introduced in 9. Previously, classifier definitions were only accessible via the API. 
  • Enhanced DocumentType support for JSON and XML
    This update expands our support for the JSON and XML Document types. Applying the multi-column algorithms to JSON and XML structures is now possible. Further, it is now possible to mask JSON and XML structures stored in BLOBs. 
  • CData license upload
    Our partnership with CData allows customers to purchase and use CData JDBC drivers from Delphix to connect to additional data sources with Continuous Compliance. This release enables users to install the required license files on their engines. Customers download the CData drivers directly from CData but download the corresponding license files for these drivers from Delphix. Consult your account representative for purchasing and using a specific CData driver.


  • New Automated Sensitive Data Discovery (ASDD) Profiler Implementation
    The new ASDD profiler has been introduced with a number of new features, including new data level profiling logic and improved database sampling capabilities. A new profile set, ASDD Standard has been added that leverages the new implementation.
  • UI Updates: Audit and Classifiers

    Audit: This page allows for a quick review of historical user activity with global audit logs, to help ensure compliance. Updated for speed and ease-of-use, with significantly better filtering, searching, and performance.
    Classifiers: This section of the Settings page contains a list of Classifiers with relevant information and actions. The Profiler can be customized for domain and data level (name, column metadata, data value) using standard regex expressions. Improved performance, data level inspection, and accuracy for matching data types (using data classifiers).


  • Improved JSON Document Store performance
    Upon upgrade, JSON Document Store masking is significantly faster. For more information, visit Document Store Type Masking.
  • This release contains bug fixes for the Continuous Compliance Engine


  • JSON and XML: Tokenization/Re-Identification and Chained Algorithms
    Easily leverage tokenization/re-identification algorithms and chained algorithms with JSON and XML data. Data tokenization/re-identification provides reversible data anonymization to protect data in non-prod environments. Chain algorithms enable complex multistep algorithms to be run on separate values, such as Full Name algorithms.

Release 6.0.17 

  • JSON; XML Field Masking
    This release introduces the ability to mask JSON; XML objects nested in string/text fields, allowing Continuous Compliance to be maintained for semi-structured JSON & XML data in non-production environments. With this, the Continuous Compliance library can be leveraged, or customized algorithms can be created to meet required data schemas.
  • Microsoft Intelligent Data Platform Integration (Azure Data Factory; Azure Synapse Pipelines)
    Accelerate data compliance using Microsoft Intelligent Data Platform’s ETL tools with Delphix Continuous Compliance. This allows users to quickly mask data while moving between 100+ Azure Synapse Analytics and Azure Data Factory connections. Quickly identify sensitive data in ETL pipelines and mask using Delphix algorithms.
  • Containerized Masking
    This feature allows users to efficiently spin up and tear down Continuous Compliance containers. Easily orchestrate scaling out Continuous Compliance using a container orchestrator, allowing for quick parallelized masking jobs in the self-managed container cluster to multiple instances.
  • Hyperscale Compliance Masking Job Sync
    Introducing fast migration for masking jobs from existing Continuous Compliance Engines to the Hyperscale Compliance Orchestrator. This accelerates the masking of massive Oracle databases for compliance and greatly improves masking speed for databases with billions of rows containing PII, PHI, or sensitive data fields.


  • Strict Content Security Policy
    This release adds a new application setting group that drives strict content security policy. Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks.


  • JSON File Masking
    This update introduces support for JSON File Masking, a popular human-readable data exchange format. Teams can leverage Delphix's existing library of pre-built algorithms to mask sensitive information. For more information, see JSON File Masking.
  • Segmented Mapping Algorithm V2
    This update enhances the Segmented Mapping Algorithm for improved performance, extensibility, security, and portability. It produces new masking results from the legacy algorithm. Segmented Mapping allows a user to create unique masked values by dividing data into segments that are masked piecewise. For more information, see Segmented Mapping.
  • Numeric Expression Algorithm
    This new algorithm enables formula transformations to values, so that teams can run common math operators to scale or shift numbers.
  • New API Endpoints
    This release introduced a new API Support Bundle Generation endpoint:

The new API endpoint is:

supportBundlePOST /support-bundleGenerates support bundle

For more information, see API for generating support bundle.


  • Certifications

This release adds the following certifications:

  • SAP HANA 2.0 SP 05
  • CockroachDB
  • VMware ESXi 7.0 U3c
  • Data Cleansing
    The Data Cleansing algorithm has been updated to standardize spellings, misspellings, and convert abbreviations. Algorithm based data cleansing eliminates slow and manual processes prior to masking the data. For more information, see Data Cleansing.
  • Min Max
    The MinMax Number and MinMax Date algorithms have been updated for normalizing outlier data in a table column by masking numbers and dates that could give context of records based on values.
  • Continuous Compliance UI Improvements

This version of the Continuous Compliance engine features the following new UI enhancements:

  • Monitoring interface now details which job step is currently underway
  • Improved Continuous Compliance job management for intermediate steps
  • Redesigned Execution Monitor interface
  • For more information, see Monitoring Masking Job.
  • “Optional” Columns for Multi-column Algorithms

    The Multi-column algorithm now allows for some fields to be marked as optional for more run-time flexibility. Concurrent Continuous Compliance operations can now occur using multiple data columns in a single operation. For more information, see Using Multi-Column Algorithms.

  • Automated Sensitive Data Discovery

    A new default profile set is being implemented to improve the accuracy and speed of column level profiling. 40 new profile expressions utilizing type constraints are introduced for domain and algorithm assignment to help reduce false positives associated with data type mismatches during inspection. The default profiler set upgrade has no change or impact on existing users.

  • New API Endpoints

    This release extends the list of API-endpoints by adding the following task-based progress monitoring endpoints.

    The new API endpoints are :

    monitoringGET /monitor-taskget the status of Execution or async task
    monitoringGET /monitor-task/get the status of Execution or async task by the id


  • Certifications

    This release adds support for VMware ESX/ESXi 7.0 U3c and DB2 12.0 on z/OS.

  • New Tokenization Algorithm

    In this release, Delphix introduces a new Tokenization algorithm framework to replace the legacy Tokenization algorithm. This new Tokenization algorithm framework includes additional configuration options for increased security. For more information, see Tokenization. Legacy Tokenization algorithm instances will remain in place and function the same until their planned EOL in version, migration to the new Tokenization algorithm is recommended.

  • Zip+4 Algorithm

    A new version of the Zip+4 algorithm is now available that is used for full-length (nine-digit) zip codes. This new version is built upon the Masking Algorithm SDK and offers the same benefits as other new algorithms, including greater performance.

  • Improved Masking Monitoring

    This release improves usability and diagnosability of the Masking Engine by allowing users to search for past jobs and filter the results based on job type and status. For more information, see the Search section at Monitoring Masking Job.

  • New API Endpoints

    This release extends the list of API-endpoints by adding the following execution logs endpoints. These API endpoints will return file download ID that can be used to download execution logs under GET /file-downloads/{fileDownloadId}.

    The new API endpoints are :

    executionsGET /execution-logsget all execution logs of all jobs.
    executionsGET /executions/get a particular execution log by using execution ID.
    execution-component-logGET /execution-component-logget all the execution component logs of all jobs, execution ID is a mandatory parameter.
    execution-component-logGET /execution-component-log/get a particular execution log by using componentId.


  • New Microsoft SQL Server implementation to Disable Constraints/Triggers and Drop Indexes

    In this release, Delphix adds default driver support for Microsoft SQL Server database masking options of Disable Constraints, Drop Indexes, and Disable Triggers as job tasks. These changes apply to masking, reidentification, and tokenization jobs where enabled.

    For details on the usage and known limitations of the Microsoft SQL Server Disable Constraints, Drop Indexes, and Disable Triggers driver support tasks, see Microsoft SQL Server Built-in Driver Support Plugin. Upon engine upgrade, any existing jobs on built-in Microsoft SQL Server connectors where these options were selected will be upgraded to these enabled driver support plugin tasks.

  • Improved User Experience Diagnosability

    This release improves user experience by ensuring time is displayed in a consistent fashion. It prevents users from running parallel update threads against incompatible databases and provides per-job log information. The job monitoring view now displays the total time taken in the hours:minutes:seconds format.

  • Free Text Redaction

    This release updates the free text redaction algorithm to the new extensible Algorithm framework to improve performance and allow chaining of algorithm instances. For more information, see Free Text Redaction.

  • Updated Secure Lookup Instances

    This release updates the legacy Secure Lookup algorithms to the extensible Secure Lookup framework. Masked results will remain the same other than whitespace handling.

  • New API Endpoint for Define Fields

    This release extends the list of API-endpoints by adding the following file-field-metadata endpoint to create field metadata for a file format. This field allows users to add a file field that you want to mask in a format. After the user uploads a format, all the fields from the uploaded file format are displayed at the inventory screen.

    The new API endpoint is :

    fileFieldMetadataPOST /file-field-metadataCreates field metadata for a file format.
  • Masking Whole File

    You can now configure the masking engine to mask the complete file and pass the content of that file as a single input to an algorithm. For more information, see Masking Whole File.

  • Character Mapping Algorithm Support for Tokenization/Reidentification Jobs

    The character mapping algorithm can now be used for tokenization and reidentification jobs.


  • Certifications

    This release adds support for Oracle database 21c.

  • General UI for Extended Algorithms

    In this release, Delphix continues to improve the experience of creating and using new extended algorithms. These algorithms may include configuration information stored in JSON format. The configurations are now editable via the UI. For more information, see General UI for Extended Algorithms.

  • OAuth2 API Support

    The Virtualization and Masking engine APIs are now accessible via OAuth2 tokens that improve Delphix's security offerings. For more information, see Configuring OAuth2 Authentication for API Access.

  • New Oracle Optimizations to Disable Constraints/Triggers and Drop Indexes

    In this release, Delphix has re-implemented the Oracle database masking options of Disable Constraints, Drop Indexes, and Disable Triggers as job tasks, using the Driver Support Plugin Framework, improving both functionality and performance. These optimizations apply to masking, reidentification, and tokenization jobs where these tasks are enabled.

    For details on the optimizations, usage and known limitations of the Oracle Disable Constraints, Drop Indexes, and Disable Triggers driver support tasks, see Oracle Built-in Driver Support Plugin. Upon engine upgrade, any existing jobs on built-in Oracle connectors where these options were selected will be upgraded to these enabled driver support plugin tasks.

  • New Export Secure Lookup Values API

    This release extends the list of API-endpoints by adding a new API for exporting the values from a secure lookup algorithm instance.

    The new API endpoint is:

    algorithmPOST /algorithms/Export lookup values form secure lookup algorithm.

    For more information, see Secure Lookup - Exporting Secure Lookup Values via API.

  • New Copy Ruleset API

    This release extends the list of API-endpoints by adding three new APIs for copying rulesets under databaseRuleset, fileRuleset, and mainframeDatasetRuleset.

    The new API endpoints are :

    databaseRulesetPUT /database-rulesets/Copy ruleset objects in the same database environment.
    fileRulesetPUT /file-rulesets/Copy ruleset objects in the same file environment.
    mainframeDatasetRulesetPUT /mainframe-dataset-rulesets/Copy ruleset objects in the same dataset environment.
  • New Binary Lookup Algorithm

    This release introduces a new binary lookup algorithm framework in the masking extensibility SDK that supports advanced features such as algorithm chaining. Legacy binary lookup algorithm instances will be automatically and seamlessly migrated to the new binary lookup framework when you upgrade the masking engine. For more information, see Binary Lookup.

  • UI/UX Enhancements

    This release introduces substantial improvements to the user interface that gives a new look and feel to the masking engine.


  • Masking Salesforce Data

    There has been an increasing demand for an easy way to manage and utilize the highly sensitive data stored in Salesforce. With this new Select Connector offering, sensitive data discovery and masking algorithm assignment is automatically handled for the Salesforce default schema; this is not only unique in the market, but also the first time Delphix is delivering this solution as an addition to its product suite. This is the top compliance solution for Salesforce on the market and provides a dramatically simpler deployment option to manage and secure this business-critical data. For more information, see Application Solutions documentation.

  • New Mapping Algorithm

    A more powerful and faster mapping algorithm is now available. This allows running the same mapping algorithm across multiple jobs and across multiple engines. Running the same mapping algorithm across multiple engines requires a compatible external database. New APIs now support migrating mappings from existing mapping algorithms to the new mapping algorithms.

  • Algorithm Replacement APIs

    APIs are now being introduced to list and replace algorithms.

    algorithmGET /algorithms/Retrieves all usage of the algorithm specified in the request path.
    algorithmPUT /algorithms/Updates all usage of the algorithm specified in the request path to use the new algorithm name supplied as a query parameter.

    For more information, see Managing Algorithm Usage.

    algorithmGET /algorithms/migrationReturns a list of result objects describing each possible migration. One object is returned for every algorithm on the engine that can be migrated.
    algorithmPOST /algorithms/Creates a new algorithm named newAlgorithmName (from the API query parameters), by migrating from the algorithm named in the query path.

    For more information, see Migrating Algorithms.

  • New Phone Masking Algorithm

    A new masking algorithm for the phone number framework for US and international numbers is now available. Migration from the old phone masking algorithm to the new one is required. For more information on transition, see Delphix Community Post.

  • New Custom SQL API

    In this release, Delphix has extended the list of API-endpoints by adding a new table-metadata endpoint for generating custom SQL for the given tableMetadataId.

    The API endpoint is :

    tableMetadataGET /table-metadata/Generates a custom SQL.


  • Masking SDK Driver Support Plugins

    The Masking SDK functionality is extended with the ability to develop a new kind of plugin, called driver support plugins. These allow the execution of developer-defined tasks as part of a masking job.

  • Masking SFTP Connector is extended with a new flag UserDirIsRoot

    Delphix introduces a new flag, setting whether the SFTP Connector configured Path is relative or absolute.

  • New Email Framework

    Delphix introduces a new Email Framework along with two default algorithm instances. This functionality allows for more customization in masking email addresses.

  • New Copy Environment API

    In this release, Delphix has extended the list of API-endpoints by adding a new API for copying environments.

    The API endpoint is :

    environmentPOST /environments/Copy environment objects in the same or a different application


  • New Name and Full Name Frameworks

    Delphix introduces new Name and Full Name Frameworks, as well as their default algorithms instances. That functionality adds flexibility and more sophisticated ways for name masking.

  • Masking SDK multiple plugins capacity

    Masking SDK functionality is extended with an option of loading multiple plugins and chaining extensible algorithms based on different plugins. The dlpx-core plugin is uploaded by default.

  • New Regex Decompose Algorithm Chaining Framework

    Delphix introduces the Regex Decompose extensible algorithm framework, which allows the capability to build new algorithms from a combination of predefined actions and existing algorithms.

  • Enclosure Escape Character Support for Delimited File Masking

    In this release, Delphix has added escape character support for delimited file masking. Specifically the following were added:

    • Enclosure Escaping StrategyThe user can configure the enclosure escape character from the UI/API to escape the enclosure. To configure the enclosure escape character from the UI, the user must select the "Enclosure Escaping Strategy" dropdown value as per the below options on the edit Rule Set popup window.
      1. Double Enclosure: Double enclosure option will set the escape character value same as enclosure value.
      2. Custom: By selecting custom option, the user can specify any single character as an enclosure escape character, except the "escape sequences" and "control characters".
  • Escape "Enclosure Escape Character"The user can escape the "enclosure escape character" itself by clicking on the Escape "Enclosure Escape Character" checkbox on the edit RuleSet popup window.

    For more detailed information, see Managing Rule Sets.


  • New Date Masking Frameworks

    Delphix introduces new date masking frameworks, which includes date replacement, date shift, and multi-column dates. These new frameworks obviate the need for many of the custom date algorithms that were required in the past. Delphix also introduces new default implementations of common date-masking functionality. The new date masking frameworks are briefly described below.

    • Date Replacement: Selects a replacement value from a configurable date range.
    • Date Shift: Produces a replacement value by randomly shifting the input date by a configurable increment range.
    • Multi-column Date: Masks date values that have a dependency, such as admission and discharge date using the same algorithm as Date Shift. This allows masking of both the initial date and the difference between the dates.
  • New Credit Card Masking Algorithms

    Delphix introduces a robust payment-card masking framework, as well as a default algorithm implementation for credit card data. The legacy credit card algorithm (that produced random values) is being replaced by the new default instance, which provides consistent masking results, a unique output for every valid input, always changes a valid input value, and preserves all non-digit portions of the input value.

  • Masking Engine changes for Users and Groups

    This enhancement adds stronger on-Masking Engine safeguards to the Users and Groups experience delivered in Central Management ,in which the access to a Masking Engine’s objects is determined by assigning authorization via global access groups. Specifically, when an engine opts into the global model, it relinquishes local control of object access. With this, the local enforcement of global (Central Management) settings is strengthened by deactivating local object access in the UI, thus ensuring the local values will not be overridden via frequent, periodic scans from Central Management.

  • New Forgot and Reset password APIs

    In this release, Delphix has extended the list of API-endpoints by adding two new API's related to the existing Forgot and Reset password feature for a user, which was available via GUI only till now.

    The two new sets of API endpoints are :

    userPOST /users/forgot-passwordSend reset password mail to the user

    POST /users/reset-passwordReset new password for the user

    The forgot-password API will generate and send a password reset link to the registered email id of the user, for which the password has to be reset.

    The reset-password API will use the token sent via the password reset link, to set the new password.

  • Control character support for delimited file masking

    In this release, Delphix has added the control character support for delimited file masking. Specifically the following were added:

    1. Control character as a delimiter: The user can specify a control character as the delimiter from UI/API.
    2. Control character as an end of record: The user can specify a control character as the end of record from UI/API.
    3. Control character as a value: Delimited files containing values with control characters are now supported.
  • Date-Time format change for the API response

    In this release, the date-time format for API responses is changed

    From: yyyy-MM-dd'T'HH:mm:ss.SSSZ e.g. 2021-03-17T17:35:39.352+0000

    To: yyyy-MM-dd'T'HH:mm:ss.SSSXXX e.g. 2021-03-17T17: 35:39.352+00:00.

    The API endpoints below will be affected by this change:

    • GET /system-information
    • GET /plugin
    • GET /profile-jobs
    • GET /profile-sets
    • GET /execution-events
    • GET /async-tasks
    • GET /audit-logs
    • GET /algorithms in algorithm extension object
    • GET /execution-components
    • GET /jdbc-drivers
    • GET /masking-jobs
    • GET /reidentification-jobs
    • GET /tokenization-jobs


  • Certifications

    This release adds support for DB2 iSeries v7.4.

  • Multi-Column Algorithm

    In this release, Delphix has introduced a Multi-Column Extensible Algorithm mechanism, which allows masking multiple columns of the same table conditional to their values (or using any other logic needed by the customer). To use the Multi-Column Algorithm Framework, users first create an algorithm via the Masking SDK and then install their algorithm on a Masking Engine via the Extensible Algorithm Plugin interface.

  • Latest Api Version

    The latest masking API version supported on the engine will be included in the GET /system-information API response.

  • Custom Database Connection Properties

    There is now a way to specify custom connection properties for all of our database connector types by uploading a properties file. For more information, see Database Connection Properties.


  • Certifications

    This release adds support for the following certificates:

    • MySQL 8
    • Postgres SQL 12
    • DB2 LUW 11.5
    • Oracle Database Cloud Services on Virtual Machines
    • Oracle Database Cloud Services on Bare Metal
    • Google Cloud SQL for PostgreSQL
    • Google Cloud SQL for MySQL
    • Google Cloud SQL for SQL Server
  • Character Mapping Algorithm

    Delphix is introducing a replacement for the Segment Mapping Algorithm, the Character Mapping Algorithm. The new Character Mapping Algorithm is built using the recently released algorithm SDK, and in most common configurations this new algorithm will be faster and require less memory than the existing segment mapping algorithm. In addition, this new version does not have a length limitation for the input string and can handle non-ASCII characters.

  • Default Api Version

    Introducing the ability to specify the Masking API version to be used when the version is omitted from the base path of the Masking API request's URL.

  • New API Version

    To reflect the API improvements mentioned above, the API version increased to 5.1.5 in this release. For a complete listing of version 5.1.5, see Masking API Client.


  • Certifications

    This release adds support for SQL Server 2017 and 2019.

  • Masking Job Memory Improvements

    Memory management has been dramatically improved. Not only can jobs run with less memory, but the Masking Engine will also now ensure that jobs can only run if enough memory is available and that the engine cannot run out of memory.

    Along with these changes, there are two new execution statuses: CANCELLED and QUEUED.

  • Extensible Connector Permissions Change

    The first iteration of the Masking Extensible Connectors, supporting the ability to upload and use JDBC drivers, required that the permissions for each driver be enumerated at install time. Delphix has now replaced this mechanism with a fixed security policy blocking only the most dangerous permissions (specifically those that could inflict harm to the Masking Engine), removing the need for user management of permissions. It remains the case that the engine administrator must ensure that only trusted JDBC driver software is installed.

  • File Masking Performance

    The performance of file masking has been significantly improved.

  • Builtin Extensible Secure Lookup Framework

    Delphix has added a builtin, configurable Secure Lookup Algorithm Framework, based on the Extensible Algorithms feature (introduced in release).

    This framework provides better performance and new features when compared with the Legacy Secure Lookup Algorithms.

    It allows configuring the case sensitivity of input values (true/false), and the case configuration of the output values:

        Preserve Lookup File Case   // i.e. as found in Lookup File Preserve Input Case         // i.e. preserve case of input value - UpperCase / LowerCase / Mixed Force all Lowercase         // forces output to LowerCase Force all Uppercase         // forces output to UpperCase 

    The algorithm instance (based on the new Secure Lookup Algorithm Framework) might be managed via the existing Algorithm API, similar to any other plugin algorithm. The GUI has been changed for configuring/editing Secure Lookup Algorithm. For more information, see Secure Lookup Algorithm Framework.

  • Job Scheduler Removed

    As of this release, we have removed the Job Scheduler feature. The introduction of Masking’s REST API several releases ago allowed customers to schedule job executions using their preferred job scheduler. As a result, the integrated scheduler is seldom used.

  • Free Text Redaction Algorithm

    The redaction strategies used in a free text redaction algorithm have been renamed to "Allowlist" and "Denylist".

  • New API Version

    To reflect the API improvements mentioned above, the API version increased to 5.1.4 in this release. For a complete listing of version 5.1.4, see Masking API Client.


  • Extensible Algorithms

    We introduced a new, radically simpler, method to create new masking algorithms. With the new framework, Delphix partners and customers can create and share new algorithms.

    Extensible algorithms and their related algorithm plugins can be managed through the following APIs:

    pluginGET /pluginGet all plugins

    POST /pluginInstall plugin

    DELETE /plugin/Delete plugin

    GET /plugin/Get plugin detail by pluginId

    PUT /plugin/Update plugin

    Existing algorithm API is extended with the following endpoints:

    algorithmGET /algorithm/frameworksGet all algorithm frameworks

    GET /algorithm/frameworks/id/Get algorithm framework by frameworkId
  • UI-based Environment Sync

    Over the past several releases Delphix has introduced and refined the ability to synchronize objects between Masking Engines via the API. In 6.0.3, Delphix now supports importing and exporting environments via the UI.


    In this release, the deprecated XML import/export functionality has been removed. If you used the XML import/export feature in previous releases, you'll find the new Sync Environment feature to be a more robust and complete solution with complete API support in addition to being available in the UI.

  • New SQL Server JDBC Driver

    The product switched from the jTDS JDBC driver to Microsoft's official open-source JDBC driver. This was done to obtain improved support for recent versions of SQL Server.

    All SQL Server basic connectors will be converted transparently. If you used a SQL Server Advanced connector or a Generic connector using the jTDS driver, you will need to manually convert your JDBC URL to the Microsoft JDBC driver's format. To perform this conversion, see the references for the jTDS parameters and the Microsoft JDBC parameters. Delphix Customer Support's upgrade validation checks will detect any SQL Server Advanced connectors and Generic connectors using the jTDS driver in your installation and they will notify you of the need to manually convert those connectors.

  • AzureSQL Managed Databases

    This release is certified to be compatible with the following Azure SQL Managed Databases:

    • Azure Database for PostgreSQL service
    • Azure Database for MySQL service
    • Azure Database for MariaDB service
    • Azure Database for SQL


      You must enable support for non-TLS connections

  • File Masking Performance

    This release contains significant performance improvements for delimited and XML file masking.

  • New API Version

    To reflect the API improvements mentioned above, the API version increased to 5.1.3 in this release. For a complete listing of version 5.1.3, see Masking API Client.


  • Certifications

    This release adds support for Oracle 19c.

  • Mainframe Data Set Improvements for Masking
    This release delivers multiple quality-of-experience enhancements around mainframe masking workflows:

    • Mainframe Masking Performance: Anyone masking mainframe data sets may see a large improvement in performance.
    • Engine Sync Support for Mainframe: The Sync APIs and workflows now support mainframe objects: connectors, rule sets, jobs, and formats.
    • Mainframe Data Set Record Type APIs:This enhancement builds upon the recent release of Record Type APIs to include mainframe support. You will now be able to manage Mainframe data set record types via REST API, including redefine conditions. When masking a mainframe data set, the Masking Engine uses a mainframe data set format to interpret the data set's contents. A mainframe data set format has one default record type "All Record". If a mainframe data set format contains redefined fields, each redefined and redefines field will have a corresponding record type that holds the redefined condition for the redefined and redefines fields. Specifically, the following APIs were added:





      GET /mainframe-dataset-record-types

      Get all Mainframe Dataset record type

      GET /mainframe-dataset-record-types/

      Get Mainframe Dataset record type by ID

      PUT /mainframe-dataset-record-types/

      Update Mainframe Dataset record type by ID

  • For more information on redefine conditions, see Managing a Mainframe Inventory.
  • JDBC to Delimited Files Support

    On-the-fly masking jobs with a JDBC source and delimited file target are now supported. This is targeted at users with data lake applications. This is targeted at users with data lake applications who wish to extract unmasked data using a JDBC connection and insert masked data back using a bulk file load mechanism.

  • Environment Sync Support for Masking

    With this release, an entire environment is now syncable with a single operation via the Sync REST APIs. Previously, Sync users would have to export/import objects on an individual basis, the process now is far more streamlined. Note: Environment Sync APIs are the preferred way of handling environment export/import versus XML-based transfer.

  • New API Version

    To reflect the API improvements mentioned above, the API version increased to 5.1.2 in this release. For a complete listing of version 5.1.2, see Masking API Client.


  • Extended Connectors

    Extended Connectors is a new feature that allows you to upload additional JDBC Drivers to the Continuous Compliance engine. This enables masking data sources that are not natively supported by Continuous Compliance. For more information, see Managing Extended Connectors.

  • Sync for Tokenization and Reidentification Jobs

    The Sync feature allows you to coordinate the operation of multiple engines. This release adds Sync support for Tokenization and Reidentification Jobs. For more information on the Sync feature, see Managing Multiple Engines for Masking.

  • File Record Type APIs

    When masking a delimited or fixed length file, the Masking Engine uses a file format to interpret the file's contents. Each format has one or more record types. In previous releases, these record types could only be created and managed through the graphical user interface. This release adds the ability to also create and manage file record types through the APIs. Specifically, the following APIs were added:

    recordTypeGET /record-typesGet all record type

    POST /record-typesCreate record type

    DELETE /record-types/Delete record type by ID

    GET /record-types/Get record type by ID

    PUT /record-types/Update record type
    recordTypeQualifierGET /record-type-qualifiersGet all record type qualifiers

    POST /record-type-qualifiersCreate record type qualifier

    DELETE /record-type-qualifiers/Delete record type qualifier by ID

    GET /record-type-qualifiers/Get record type qualifier by ID

    PUT /record-type-qualifiers/Update record type qualifier by ID

    Note that record types are only used for delimited and fixed-length file formats. For more information on record types, see Adding Record Types for Files.


  • Objects Names Requirements

    Delphix 6.0 adds validations for objects names that can be created/renamed manually. For more information, see Naming Requirements.

    Please note that enforcing these requirements might fail the import, sync, or upgrade from pre-6.0 release. For resolving those failures, see [Knowledge Base Article KBA5096](

  • Versioning Framework

    6.0 marks the release of version 5.1 of the Masking API. For information on how the Masking API is versioned, see Masking API Versioning Documentation.

  • New API EndpointsIn 6.0 we have expanded the list of API endpoints to include:
    ApplicationDELETE /applications/Delete application by ID
    Mount FilesystemGET /mount-filesystemGet all mounts

    POST /mount-filesystemCreate a mount

    GET /mount-filesystem/Get a mount by ID

    DELETE /mount-filesystem/Delete a mount by ID

    PUT /mount-filesystem/Update a mount by ID

    PUT /mount-filesystem/Connect a mount by ID

    PUT /mount-filesystem/Disconnect a mount by ID

    PUT /mount-filesystem/Remount a mount by ID

    In addition to the new API endpoints, we have improved existing API endpoints. These improvements include:

    • Addition of the applicationId field to the application model
    • Replacement of the application field with an applicationId field in the Environment model
    • Removal of the classification field from the domain model
    • Addition of the rulesetType field to the Masking, Profiling, Reidentification, and Tokenization job models.
    • Addition of mountName in the ConnectionInfo of a file connector and a mainframe dataset connector to use a filesystem mount point.
    • For more information on Continuous Compliance APIs, see API documentation.

  • NFS and CIFS Mounts

    In previous releases, the Masking Engine has supported masking files via FTP or SFTP. In this release, we have added the ability for users to directly mount and mask a file system over NFS and CIFS. This should dramatically simplify the process of file masking. As with other Masking Engine objects, the Sync feature can be used to coordinate mount objects across multiple engines. For more information on the mount feature, see Managing Remote Mounts.

Release 5.3

  • Synchronizing Masking Jobs and Universal Settings Across Engines
    In 5.2 we introduced the ability to synchronize Masking Algorithms between engines to ensure consistent masking, regardless of the engine executing the masking. In 5.3 we are expanding the list of syncable objects to include:
    • Masking Jobs
    • Connectors
    • Rulesets
    • Domains
    • File Formats

The sync of objects is possible through improvements to several sync API endpoints, including:

  • GET /syncable-objects[?object_type=
  • POST /export
  • POST /export-async
  • POST /import
  • POST/import-async

This expansion of syncable objects ensures that users can sync their Masking Jobs and all the objects necessary for that masking job to execute successfully - regardless of the masking engine it lives on, allowing for easier scaling of Continuous Compliance across the enterprise. For more information, see Managing Multiple Masking Engines.

  • Support for Kerberized Connections
    In 5.2.4 we added support for Kerberos for our Oracle Masking Connector. In 5.3 we have expanded the list of connectors that support Kerberos to:
    • SQL Server
    • Sybase
    • To enable Kerberized connectors your engine must be configured properly and you must configure your masking Connectors for Kerberos. Kerberos can be enabled by going to the Advanced mode on Oracle, SQL Server and Sybase. For more information, see Managing Connectors.
  • New API Endpoints
    In 5.2 we released an all-new set of API endpoints allowing for the automation of many masking workflows. In 5.3 we have expanded this list of API endpoints around Algorithms, Users, Roles, File Upload, System Information, Login, Rulesets, and Connector. Below are the net new API endpoints:
    AlgorithmsPOST /algorithmsCreate algorithm

    DELETE /algorithms/Delete algorithm by name

    GET /algorithms/Get algorithm by name

    PUT /algorithms/Update algorithm by name

    PUT /algorithms/Randomize key by name
    UsersGET /usersGet all users

    POST /usersCreate user

    DELETE /users/Delete user by ID

    GET /users/Get user by ID

    PUT /users/Update user by ID
    RolesGET /rolesGet all roles

    POST /rolesCreate role

    DELETE /roles/Delete role by ID

    GET /roles/Get role by ID

    PUT /roles/Update role by ID
    RulesetsPUT /database-rulesets/Update the rule set’s tables

    PUT /database-rulesets/Refresh the rule set
    ConnectorsPOST /database-connectors/Test a database connector

    POST /database-connectors/testTest an unsaved database connector

    POST /file-connectors/Test a file connector

    POST /file-connectors/testTest an unsaved file connector
    Async TasksGET /async-tasksGet all asyncTasks

    GET /async-tasks/Get asyncTask by ID

    PUT /async-tasks/Cancel asyncTask by ID
    File Upload/DownloadDELETE /file-uploadsDelete all file uploads

    POST /file-uploadsUpload file

    GET /file-downloads/Download file
    System InformationGET /system-informationGet version, etc.
    Login/LogoutPUT /logoutUser logout
    ExecutionsGET /execution-componentsStatus for a table, file, or Mainframe data set
    Tokenization JobGET /tokenization-jobsGet all tokenization jobs

    POST /tokenization-jobsCreate tokenization job

    DELETE /tokenization-jobs/Delete tokenization job by ID

    GET /tokenization-jobs/Get tokenization job by ID

    PUT /tokenization-jobs/Update tokenization job by ID
    Re-identification JobGET /reidentification-jobsGet all re-identification jobs

    POST /reidentification-jobsCreate re-identification job

    DELETE /reidentification-jobs/Delete re-identification job by ID

    GET /reidentification-jobs/Get re-identification job by ID

    PUT /reidentification-jobs/Update re-identification job by ID
    Database RulesetsPUTUpdate Database Ruleset by ID

    In addition to the net new API endpoints, we have improved pre-existing API endpoints. Some of the improvements include:

    • Addition of DB2 iSeries and Mainframe to connector endpoints.
    • Addition of Kerberos configuration on Oracle, SQL Server, and Sybase connectors
    • Ability to have ruleset refresh drop tables
    • Support for XML file types
    • Addition of dataType to column metadata
    • Addition of isProfilerWritable field to file-field-metadata endpoints. This is now represented in the API as a new isProfilerWritable boolean field in the body of a file-field-metadata. When the isProfilerWritable field is set to true, the algorithm/domain assignment on a column can be overwritten by the profiler. When the field is false, it may not be overwritten.
    • Addition of multipleProfilerCheck field to Profile Job endpoints. This feature is turned on using the boolean field in the body of a profile job. The job profiler normally stops profiling a column as soon as it flags a field as sensitive. If multipleProfilerCheck is true, the profiler will continue to scan the column for additional sensitive patterns. In the event that it finds more than one pattern, it will tag all the data domains found and apply 'one' standard algorithm for all those domains. The standard algorithm is ‘Null SL’ as of This feature was formerly called ‘multi PHI’.

For more information on Continuous Compliance APIs, see API documentation. Please note that the previous generation of Masking APIs (commonly referred to as V4) is EOL and no longer supported in this release. All users are encouraged to migrate to the V5 APIs.

Was this article helpful?

What's Next