Tokenization Vault Overview

The Tokenization vault lets you configure the following policy types:

• Tokenization — Format-preserving encryption. For example:

  

  Tokenization can be reversed to retrieve the sensitive data from the token.
  

• Masking — Masks data. You can set the masking character, plus a prefix and suffix value if you want to preserve some of the data. For example:

  Original credit card number: 2222-3333-4444-5555

  Masked credit card number: 22##-####-####-##55

  Masking is one-way encryption. You cannot retrieve the data from the token.

  An example use case is exporting data and generating reports with the sensitive data masked.

• Encryption — Encrypts blocks of unstructured data, such as images and files, using AES-256 in CBC or GCM mode.