Anonymize your MySQL databases for non-production environments
Anonyx connects to your production MySQL or MariaDB servers and provisions your development, test and analytics environments with anonymized copies. InnoDB constraints, generated columns, views and triggers are preserved. You keep the richness of your schema without exposing any real personal data.
- MySQL 5.7, 8.0 and 8.4 supported, Aurora MySQL and managed services included
- InnoDB referential integrity preserved, triggers and views replicated
- Deep JSON column anonymization via JSON Path
- 80+ PII transformations for French, EU and international datasets
- Deterministic anonymization to preserve inter-table joins
- EU sovereign hosting, GDPR compliance built-in
Native MySQL protocol connection
Anonyx speaks the native MySQL protocol via the mysql2 library. You provide credentials for an account with SELECT on the source database and INSERT, UPDATE, DELETE, CREATE on the target. No agent to install on the server, no script for your DBA to run. Anonyx connects from our EU-hosted workers (or from your dedicated VPS on the Business plan) and orchestrates the full pipeline.
For databases sitting behind a private VPC with no public exposure, the Business plan offers an automated SSH tunnel or a site-to-site VPN deployment. Your credentials and keys are encrypted at rest (AES-256-GCM) and in transit (TLS 1.3); they are never logged nor exposed in technical exports.
InnoDB integrity and complex schemas
The InnoDB engine enforces FOREIGN KEY constraints strictly. Anonyx introspects the dependency graph between tables (information_schema.KEY_COLUMN_USAGE) and computes a topological write order that respects constraints. Any cycles (rare, but possible with deferrable FKs) are resolved with a two-pass insertion: first with NULL or stub values, then updated once all referenced rows exist.
Triggers (BEFORE/AFTER INSERT/UPDATE/DELETE) can be preserved as-is on the target or neutralized during writes to avoid side effects (email sends, audit table writes). The default policy is to neutralize during writes and reactivate afterwards, but you can override per rule.
JSON columns and modern types
MySQL 5.7+ supports native JSON columns. Anonyx parses these columns and allows anonymizing specific subfields via JSON Path expressions (e.g. $.user.email or $.address.zipcode) while leaving the rest of the document intact. Native MySQL functions (JSON_SET, JSON_REPLACE) are used for writes, preserving original ordering and formatting.
Generated columns (GENERATED ALWAYS) are never written by Anonyx - MySQL automatically recomputes them from source columns after insertion. Spatial columns (POINT, LINESTRING, POLYGON via MyGIS) can be anonymized with geographic fuzzing over a configurable radius.
Performance and production operation
On a 50 GB MySQL database with a typical e-commerce schema (users, orders, products, payments, logs), Anonyx completes anonymization in 15 to 25 minutes with four workers. Larger databases benefit from incremental mode based on the updated_at column or a dedicated timestamp.
Runs can be triggered manually, scheduled (cron), or wired into your CI/CD pipeline. A configurable webhook notifies Slack, Teams, or any HTTP endpoint at job completion. Prometheus metrics expose duration, volume, rows processed and per-rule errors for fine-grained supervision.