DEV.co
Open-Source Databases · GreenmaskIO

greenmask

Greenmask is an open-source tool that creates anonymized, backup-compatible database dumps for PostgreSQL and MySQL (beta). It masks sensitive data, generates synthetic test records, and can subset databases while maintaining referential integrity—useful for safely sharing production data with development and testing teams.

Source: GitHub — github.com/GreenmaskIO/greenmask
1.7k
GitHub stars
62
Forks
Go
Primary language
Apache-2.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryGreenmaskIO/greenmask
OwnerGreenmaskIO
Primary languageGo
LicenseApache-2.0 — OSI-approved
Stars1.7k
Forks62
Open issues49
Latest releasev0.2.22 (2026-07-01)
Last updated2026-07-05
Sourcehttps://github.com/GreenmaskIO/greenmask

What greenmask is

Written in Go, Greenmask operates as a stateless logical dump proxy that intercepts database exports, applies configurable transformations (hashing, masking, synthetic generation) via a declarative config, and outputs standard SQL dumps compatible with pg_restore and mysqldump. It supports deterministic transforms, dynamic parameters, conditional logic, and S3-compatible storage.

Quickstart

Get the greenmask source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/GreenmaskIO/greenmask.gitcd greenmask# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

PII Anonymization for Non-Production Environments

Safely share production database snapshots with dev, staging, and QA teams by automatically masking personally identifiable information (names, emails, phone numbers, SSNs) while preserving data structure and relationships.

Database Subsetting for Local Development

Generate lightweight, referentially intact database subsets from production to enable developers to work locally with realistic data without the overhead of full production dumps. Handles cyclic and polymorphic foreign keys.

Compliance and Testing Data Management

Support regulatory requirements (GDPR, HIPAA, PCI-DSS) by automatically de-identifying sensitive data during backup creation. Use synthetic data generation for reproducible test scenarios without real customer information.

Implementation considerations

  • PostgreSQL is production-ready; MySQL is beta. Validate MySQL support thoroughly before committing to production use.
  • Transformation rules are defined in config files (YAML or similar, inferred from docs references). Plan time for transformation inventory and testing before deploying to pipelines.
  • Stateless operation means each run is independent; ensure backup storage (local or S3) is sized and accessible from execution environment.
  • Deterministic hashing requires stable input; coordinate transformation definitions across teams to avoid divergent masked datasets.
  • Output is a standard SQL dump; restoration speed depends on target database performance and dump size, not Greenmask itself.

When to avoid it — and what to weigh

  • MySQL Production Use (Requires Caution) — MySQL support is listed as 'Work In Progress (Beta)'. Do not rely on this for production MySQL workflows until maturity is confirmed via release notes and testing.
  • Real-Time Streaming or OLTP Replication — Greenmask is a logical dump tool, not a replication engine. It is not designed for continuous real-time data synchronization or OLTP mirroring between systems.
  • Minimal Security Posture Required — If your organization has no confidentiality or compliance requirements around non-production data handling, the overhead of transformation configuration may not justify adoption.
  • Proprietary or Black-Box Transformation Logic — Greenmask's transformations are defined in declarative config files; if your masking rules are tightly coupled to undocumented business logic, custom integration will be needed.

License & commercial use

Licensed under Apache License 2.0 (Apache-2.0), a permissive OSI-approved open-source license. Source code is freely available on GitHub; modifications and redistribution are permitted under the Apache-2.0 terms.

Apache-2.0 permits commercial use without royalties or attribution requirements. However, this evaluation is based solely on the license text; review your legal team's interpretation for enterprise deployment, especially regarding warranty disclaimers and liability limitations in the Apache-2.0 terms. No commercial support, SLA, or indemnification commitment is evident from the repository data.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Greenmask handles sensitive data by design; consider: (1) access control to transformation config files (they define masking rules and may contain secrets), (2) secure storage of output dumps (masks PII but is still a full database export), (3) audit logging of who ran anonymization jobs and when, (4) credentials management for database and S3 access (store in environment variables or secrets manager, not in config files). No security audit or penetration test data provided; assume standard code review practices apply.

Alternatives to consider

pgBadger / AWS DMS Replication with Data Masking Filters

AWS Data Migration Service with custom data masking hooks provides managed, enterprise-grade anonymization but with vendor lock-in and higher operational overhead compared to Greenmask's stateless model.

Anonymizer (PostgreSQL Extension) / Tonic Structural (Third-party SaaS)

Native PostgreSQL extension approach is simpler for schema-native masking; Tonic is a cloud SaaS alternative with integrated governance but requires external vendor and ongoing SaaS cost.

Custom ETL with Apache Airflow + Faker Libraries

Offers maximum flexibility and control but requires significant engineering effort to build and maintain data transformation pipelines; suitable only if masking logic is highly bespoke.

Software development agency

Build on greenmask with DEV.co software developers

Greenmask streamlines PII masking for non-production environments. Try the sandbox, define transformations for your schema, and integrate into your backup pipeline—no vendor lock-in, no SaaS costs.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

greenmask FAQ

Is Greenmask suitable for production backups?
Yes for PostgreSQL (marked production-ready); no for MySQL (beta). Greenmask is a logical dump tool compatible with standard restore utilities. Use alongside your existing backup strategy, not as a replacement for physical backups or WAL archiving.
Can I use Greenmask to anonymize an existing database in-place?
No. Greenmask creates a new anonymized dump; it does not modify the source database. Use the dump output to create a separate anonymized copy or restore to a non-production environment.
How do I define custom data masking rules?
Transformations are defined in YAML/JSON config files with built-in transformers (hash, faker, etc.) or custom CMD transformers. Refer to docs.greenmask.io for transformer syntax and examples.
What is the performance impact on the source database?
Greenmask reads data via standard SQL queries; performance depends on query complexity, database size, and network latency. It does not lock tables or use replication features, minimizing production impact. Test on non-production replicas first.

Custom software development services

DEV.co helps companies turn open-source tools like greenmask into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source databases stack.

Anonymize Your Database Dumps in Minutes

Greenmask streamlines PII masking for non-production environments. Try the sandbox, define transformations for your schema, and integrate into your backup pipeline—no vendor lock-in, no SaaS costs.