Token Vault:

A Token Vault is a secure storage mechanism for tokens generated by Privitar during the de-identification of a dataset. Token Vaults use a secured database as a storage mechanism, (for example, PostGreSQL or AWS DynamoDB), and are associated with a Protected Data Domain.

When consistent Tokenisation is used in a Job, the Token Vault is consulted to determine if a replacement token already exists. That is, has a given input value been previously de-identified with the same Rule within the same Protected Data Domain. If so, the same token is reused. Reusing the token enables data consistency and referential integrity to be preserved where multiple columns share the same value, as the same input always results in the same replacement token.

Storing input values and tokens in a Token Vault also enables Privitar’s controlled Unmasking feature, which can provide the original input value for a given token. This capability is useful in situations where, for example, it is necessary to determine which data subject a token refers to.

Return to glossary