Template
Overview
The Template menu is used to manage Token Templates in OneDB.
A token template defines how OneDB handles tokenized data when it is accessed, detokenized, or displayed through an application or API request. Each template is associated with a cryptographic key and may optionally include masking rules.
Templates help administrators control whether sensitive data should be returned in full, returned with masking, or processed using a specific masking format.
Main Functions
Administrators can use the Template menu to:
- View existing token templates
- Add a new token template
- Assign a key to a token template
- Assign a masking rule to a token template
- Configure date parsing and formatting behavior
- Configure visible characters using Keep Left and Keep Right
- Edit an existing token template
- Delete an unused token template
Token Template Management
The Token Template Management page displays the list of configured token templates.
Example information displayed:
| Field | Description |
|---|---|
| Template Name | The name of the token template. |
| Key | The key assigned to the template. |
| Masking | The masking rule assigned to the template, if any. |
| Edit | Opens the template for modification. |
| Delete | Removes the selected template. |
Example templates:
| Template Name | Key | Masking |
|---|---|---|
| App_With_Masking_Regex | key1 | masking-regex-email |
| App_With_Masking | key1 | masking-simple |
| App_Without_Masking | key1 | – |
Add Token Template
The Token Template Add page is used to create a new token template.
Administrators must define the template name, select the key, and optionally configure masking behavior.
Token Template Fields
| Field | Description |
|---|---|
| Template Name | Defines the name of the token template. This name is used by applications or API requests to identify which token handling rule should be applied. |
| Key Name | Selects the cryptographic key used by the template. The key is used by OneDB when processing tokenized data. |
| Apply Date Parsing and Formatting | Enables special parsing and formatting behavior for date or timestamp values. |
| Masking | Selects the masking rule that should be applied when data is returned or displayed. |
| Keep Right | Defines how many characters from the right side of the value should remain visible. |
| Keep Left | Defines how many characters from the left side of the value should remain visible. |
Template Name
The Template Name field defines the unique name of the token template.
Applications or API requests may refer to this template name when requesting tokenization, detokenization, or protected data display.
Example template names:
App_With_Masking
App_With_Masking_Regex
App_Without_Masking
Customer_API_Masked
Customer_API_UnmaskedRecommended naming convention:
<Application>_<Purpose>_<MaskingBehavior>Example:
CRM_Detokenize_Masked
MobileApp_Detokenize_Partial
BackOffice_Detokenize_UnmaskedKey Name
The Key Name field is used to select the cryptographic key associated with the token template.
The selected key determines which key OneDB uses when processing tokenized data for this template.
Before creating a token template, ensure that the required key has already been created in the Keys menu.
Apply Date Parsing and Formatting
The Apply Date Parsing and Formatting option is used when the column contains date or timestamp values.
When enabled, OneDB applies date parsing and formatting logic before returning the value. This option is useful when the protected field contains date-based data that must be displayed in a consistent format.
Recommended usage:
| Value Type | Recommendation |
|---|---|
| Text | Disable unless specific formatting is required. |
| Number | Disable unless specific formatting is required. |
| Date | Enable when the value contains date data. |
| Timestamp | Enable when the value contains timestamp data. |
Masking
The Masking field is used to select the masking rule that should be applied to the returned value.
If a masking rule is selected, OneDB returns the value according to the selected masking behavior. If no masking rule is selected, OneDB may return the value without masking, depending on the template configuration and access policy.
Example masking options:
| Masking Rule | Example Usage |
|---|---|
| masking-simple | Applies standard masking behavior. |
| masking-regex-email | Applies regex-based masking for email values. |
| No Masking | Returns the value without masking. |
Keep Left and Keep Right
Keep Left and Keep Right define how many characters remain visible from the beginning and end of the returned value.
These options are useful when administrators want to display partial data while hiding the sensitive portion.
Example:
| Original Value | Keep Left | Keep Right | Masked Result Example |
|---|---|---|---|
| shean@domain.com | 2 | 10 | sa****domain.com |
| 4111111111111111 | 4 | 4 | 4111********1111 |
| Shean Hathway | 1 | 1 | S**** ******y |
The actual masking output depends on the selected masking rule.
Template Behavior Examples
Templates allow administrators to create different access behavior for different applications or user groups.
| Template Name | Behavior |
|---|---|
| App_Without_Masking | Returns detokenized data without masking. |
| App_With_Masking | Returns detokenized data with standard masking. |
| App_With_Masking_Regex | Returns detokenized data using regex-based masking. |
Example scenario:
| Application | Template | Result |
|---|---|---|
| Core Banking App | App_Without_Masking | Application receives full detokenized value. |
| Customer Service App | App_With_Masking | Application receives partially masked value. |
| Notification Service | App_With_Masking_Regex | Application receives masked value using regex format. |
How to Add a Token Template
- Open the Template menu.
- Click Add Token Template.
- Enter the Template Name.
- Select the Key Name.
- Select whether to enable Apply Date Parsing and Formatting.
- Select a Masking rule if masking is required.
- Configure Keep Right and Keep Left values if partial display is required.
- Click Submit.
How to Edit a Token Template
- Open the Template menu.
- Find the token template that needs to be updated.
- Click the Edit icon.
- Modify the required fields.
- Save the changes.
How to Delete a Token Template
- Open the Template menu.
- Find the token template that should be removed.
- Click the Delete icon.
- Confirm the deletion if prompted.
Before deleting a token template, ensure that it is no longer used by any application, API user, or data protection flow.
Important Notes
- A token template requires a valid key.
- Masking is optional, depending on the intended template behavior.
- A template without masking may return full detokenized data.
- Date parsing and formatting should only be enabled for date or timestamp values.
- Keep Left and Keep Right values should be configured carefully to avoid exposing too much sensitive information.
- Template names should be clear and consistent because they may be referenced by API requests.
Recommended Practice
Use different templates for different application access requirements.
Recommended examples:
| Use Case | Recommended Template Behavior |
|---|---|
| Internal trusted application | Detokenization without masking, if business-approved. |
| Customer service application | Detokenization with partial masking. |
| Reporting application | Masked or tokenized display only. |
| External API integration | Strict masking or no detokenization, depending on policy. |
Recommended controls:
| Recommendation | Description |
|---|---|
| Use clear naming | Template names should describe the application and masking behavior. |
| Avoid unnecessary unmasked access | Only allow unmasked detokenization for approved use cases. |
| Use masking for operational users | Customer-facing or support users should normally receive masked data. |
| Review template usage | Periodically review which applications use each template. |
| Test before production | Validate the output using sample tokenized data before applying it to production. |
