Skip to content
Quickstart
install · debian/ubuntu
# 1. Configure the repo (one time only)
$curl -1sLf \
'https://dl.cloudsmith.io/public/brume/brume/setup.deb.sh' \
| sudo -E bash
# 2. Install
$sudo apt-get install brume
# Updates afterwards
$sudo apt-get update && \
sudo apt-get upgrade brume
# 1. Configure the repo (one time only)
$curl -1sLf \
'https://dl.cloudsmith.io/public/brume/brume/setup.rpm.sh' \
| sudo -E bash
# 2. Install
$sudo dnf install brume
# 1. Configure the repo (one time only)
$brew tap brumeorg/brume
$brew trust --formula brumeorg/brume/brume
# 2. Install
$brew install brume
# Updates afterwards
$brew upgrade brume

brume plan

Deterministic PostgreSQL pseudonymization with foreign key preservation. For debugging, testing, demos — anywhere but production.
  • Secure your data

    Column-level pseudonymization with deterministic, keyed transformations.

    Apply column-level pseudonymization with the strategy that fits each field. FAKE for realistic synthetic values, MASK for partial reveals, HASH for one-way hashing, NULLIFY to drop sensitive data, or FPE_ID / FPE_UUID for format-preserving encryption of identifiers. Every transformation is deterministic and keyed by your hmac-secret and fpe-key: same input + same secret = same output, every time. Two runs produce identical results — your tests stay stable, your debug sessions stay coherent across rebuilds.

  • Keep your constraint

    Foreign keys stay valid end-to-end. No disabled triggers, no broken joins.

    Foreign keys stay valid on the target database. No disabled triggers, no suspended integrity checks, no patching broken joins after the fact. Format-preserving encryption rewrites primary keys and the FKs that point to them consistently, so referential integrity holds end-to-end. And when your business logic spans tables that aren’t formally joined (e.g. an email shared between users and audit_logs), linked_columns guarantees the same real value produces the same fake value across all of them.

  • Take only what you need

    Row-level filters with automatic FK traversal — a self-contained subset of your data.

    Define row-level filters on any table (created_at >= ‘2025-01-01’, tenant_id = 42…) and let Brume traverse foreign keys automatically up to fk_depth levels. Both parents and children. You get a self-contained, FK-coherent subset of your production data, scoped to exactly what your debug session or test environment needs. Nothing more, nothing less.

  • Fully configurable

    Declarative brume.yml — semantic types, JSONB paths, version-controllable.

    A single declarative brume.yml file describes, per table and per column, the strategy to apply. Semantic types (EMAIL, PHONE, IBAN, ADDRESS…) make generated data contextually realistic, JSONB paths let you target nested fields individually, and the whole file is version-controllable, so you can review and sign off on the exact transformation rules before any pseudonymization run touches a database.

…and much more.

Discover Brume features