Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.basecut.dev/llms.txt

Use this file to discover all available pages before exploring further.

Basecut applies anonymization during extraction, before data is written to a snapshot. Restores to dev, CI, or staging receive already-masked rows, so masking cannot be skipped as a separate step. For the full anonymize block and all YAML fields, see YAML Reference. For organization-wide enforcement, see Snapshot rules.

Quick start

anonymize: auto
auto turns on built-in PII detection and still lets you add explicit rules for overrides.

Modes

ModeBehavior
autoBuilt-in PII detection plus any explicit rules.
manualOnly explicit rules — no auto-detection.
offNo anonymization.

Which mode should I use?

  • Use auto if you want the safest default for most development, CI, and staging workflows. It catches common PII automatically and still lets you add overrides.
  • Use manual if you need full control over exactly which fields are masked and how. This is common when your schema has unusual field names or domain specific rules.
  • Use off only when you are certain the source data contains no sensitive information or you are working with already-anonymized input.
Shorthand: 
anonymize: auto
# anonymize: off
Object form: 
anonymize:
  mode: auto
  excluded_domains:
    - yourcompany.com
  rules:
    users:
      email: fake_email
      phone: fake_phone
    '*.password_hash': redact

Rules

Use table-grouped keys for public tables (unqualified names resolve to public.<table>) or wildcard keys for patterns such as *.email. 
anonymize:
  mode: manual
  rules:
    users:
      full_name: fake_name
      date_of_birth:
        strategy: date_shift
        params:
          days: 90
    '*.email': fake_email
Complex strategies use strategy + optional params (for example partial_mask with visible, numeric_noise with percent).

Internal and test emails

Top-level excluded_domains skips anonymization for matching email domains (case-insensitive). Per-rule params.excluded_domains overrides that list for a single field. Details and examples are in YAML Reference — anonymize.

Organization policies

On Team and Enterprise plans, Snapshot rules in the app can require specific strategies (for example *.email: fake_email) and excluded tables across every snapshot. See Snapshot rules.

Strategies

StrategyDescription
noneNo transformation
redactReplace with [REDACTED]
nullReplace with null
fixedReplace with params.value
hashDeterministic hash
fake_nameRealistic full name
fake_first_nameFirst name
fake_last_nameLast name
fake_emailRealistic email
email_preserve_domainFake local part, original domain
fake_phonePhone number
fake_date_of_birthDate of birth
fake_usernameUsername / handle
fake_credit_cardLuhn-valid card number
fake_ssnSSN-like value
fake_passportPassport-like value
fake_ibanIBAN-like value
fake_routing_numberRouting number
fake_bank_accountBank account–like value
fake_companyCompany name
fake_job_titleJob title
fake_addressStreet address
fake_cityCity
fake_stateState or province
fake_zipPostal code
fake_countryCountry
fake_ipIP address
fake_macMAC address
fake_uuidUUID
fake_urlURL
fake_paragraphParagraph of text
partial_maskMask value; params.visible = trailing chars kept
date_shiftShift date; params.days
numeric_noise±params.percent variance

See also