Skip to content

You are viewing documentation for Immuta version 2022.5.

For the latest version, view our documentation for Immuta SaaS or the latest self-hosted version.

Customize and Manage Sensitive Data Discovery

Audience: Data Owners and Governors

Content Summary: This page details the immuta sdd command, its subcommands and arguments, and the workflow for customizing and managing the automatic discovery of your sensitive data. For details about Sensitive Data Discovery (SDD) and how it works, see this overview.

Command Overview: immuta sdd

This command allows you to customize and run SDD in your instance of Immuta. The table below illustrates subcommands and arguments.

Subcommands Description
classifier Manage SDD classifiers.
run Run SDD on specific data sources or all data sources
template Manage SDD templates.


Use these options to get more details about the sdd command or any of its subcommands:

  • -h
  • --help
$ immuta sdd -h
Manage Sensitive Data Discovery

  immuta sdd [command]

Available Commands:
  classifier  Manage Sensitive Data Discovery Classifiers
  run         Run Sensitive Data Discovery with provided options
  template    Manage Sensitive Data Discovery Templates

  -h, --help   Help for sdd

Global Flags:
      --config string    Config file (default $HOME/.immutacfg.yaml)
  -p, --profile string   Specifies the profile for what instance/api the cli will use (default "default")

Use "immuta sdd [command] --help" for more information about a command.

SDD Workflow

Two common workflows for using SDD are outlined below. The first illustrates how to apply a single global template to all data sources, while the second outlines how users can create and apply templates to data sources they own.

The tutorials linked below show how to use the CLI to complete this workflow. For an overview of how Sensitive Data Discovery works, see this overview.

Workflow 1: Apply a Global Template to All Data Sources

  1. Data Governor creates a template using one or more built-in or custom classifiers.
  2. System Administrator adds this template to the global settings so that it applies to all data sources.
  3. Users trigger SDD on data sources.

Workflow 2: Apply a Template to a Specific Data Source

  1. Data Governor creates one or more custom classifiers.
  2. Data Owner creates a template containing one or more classifiers.
  3. Data Owner triggers SDD on one or more data sources, and tags are applied to columns where sensitive data was detected.