brume plan
Secure your data
Column-level pseudonymization with deterministic, keyed transformations.
Apply column-level pseudonymization with the strategy that fits each field. FAKE for realistic synthetic values, MASK for partial reveals, HASH for one-way hashing, NULLIFY to drop sensitive data, or FPE_ID / FPE_UUID for format-preserving encryption of identifiers. Every transformation is deterministic and keyed by your hmac-secret and fpe-key: same input + same secret = same output, every time. Two runs produce identical results — your tests stay stable, your debug sessions stay coherent across rebuilds.
Keep your constraint
Foreign keys stay valid end-to-end. No disabled triggers, no broken joins.
Foreign keys stay valid on the target database. No disabled triggers, no suspended integrity checks, no patching broken joins after the fact. Format-preserving encryption rewrites primary keys and the FKs that point to them consistently, so referential integrity holds end-to-end. And when your business logic spans tables that aren’t formally joined (e.g. an email shared between users and audit_logs), linked_columns guarantees the same real value produces the same fake value across all of them.
Take only what you need
Row-level filters with automatic FK traversal — a self-contained subset of your data.
Define row-level filters on any table (created_at >= ‘2025-01-01’, tenant_id = 42…) and let Brume traverse foreign keys automatically up to fk_depth levels. Both parents and children. You get a self-contained, FK-coherent subset of your production data, scoped to exactly what your debug session or test environment needs. Nothing more, nothing less.
Fully configurable
Declarative
brume.yml— semantic types, JSONB paths, version-controllable.A single declarative brume.yml file describes, per table and per column, the strategy to apply. Semantic types (EMAIL, PHONE, IBAN, ADDRESS…) make generated data contextually realistic, JSONB paths let you target nested fields individually, and the whole file is version-controllable, so you can review and sign off on the exact transformation rules before any pseudonymization run touches a database.
…and much more.
Discover Brume features