# Protect sensitive data, such as social security numbers, through obfuscation

Sensitive identity data, such as social security numbers, must be managed with respect for personal integrity and in compliance with national regulations. Such data should never be stored in plain text.

This document outlines how to create, edit, and read obfuscated ("hashed") social security number values. The functionality is pipes-based and can be used across all Fortified ID products. The same approach may be applied to other types of sensitive identity data, excluding passwords.

### Create

Add these valves to the pipe responsible for creating the identity object.

In the example below, Entra ID serves as the user store, with the scrambled value saved in the user attribute `faxNumber`. The user has authenticated via BankID, resulting in the export variable `personalNumber` containing the user’s social security number.

Adjust the final valve to match your user store, attribute name, or other specific properties as needed.

```json
  {
        "name": "CreateItem",
        "config": {
            "id": "temp_for_pnr",
            "properties": {
                "personalNumber": "{{{exports.personalNumber}}}"
            }
        }
    },
    {
        "name": "ItemPropertyHash",
        "config": {
            "name": "hash_personalNumber",
            "value": "${item.personalNumber}",
            "algorithm": "sha-1"
        }
    },
    {
        "name": "EntraIDCreateUser",
        "config": {
            "namespace": "${globals.EntraID.tenant1.namespace}",
            "ignore_error": false,
            "id_property": "id",
            "create_request_template": {
              .

                "faxNumber": "{{{item.hash_personalNumber}}}",
              .

            }
        }
    }
```

### Edit

Add these valves to the pipe responsible for editing the identity object.

In the example below, Entra ID serves as the user store, with the scrambled value saved in the user attribute `faxNumber`. The user has authenticated via BankID, resulting in the export variable `personalNumber` containing the user’s social security number.

Adjust the final valve to match your user store, attribute name, or other specific properties as needed.

```json
  {
        "name": "CreateItem",
        "config": {
            "id": "temp_for_pnr",
            "properties": {
                "personalNumber": "{{{exports.personalNumber}}}"
            }
        }
    },
    {
        "name": "ItemPropertyHash",
        "config": {
            "name": "hash_personalNumber",
            "value": "${item.personalNumber}",
            "algorithm": "sha-1"
        }
    },
    {
        "name": "EntraIDUpdateUser",
        "config": {
            "namespace": "${globals.EntraID.tenant1.namespace}",
            "ignore_error": false,
            "user_id": "{{{session.entra_identifier}}}",
            "request_template": {
              .

                "faxNumber": "{{{item.hash_personalNumber}}}",
              .

            }
        }
    }
```

### Read (lookup)

Add these valves to the pipe responsible for reading the identity object.

In the example below, Entra ID serves as the user store, with the scrambled value saved in the user attribute `faxNumber`. The user has authenticated via BankID, resulting in the export variable `personalNumber` containing the user’s social security number.

Adjust the final valve to match your user store, attribute name, or other specific properties as needed.

```json
  {
        "name": "CreateItem",
        "config": {
            "id": "temp_for_pnr",
            "properties": {
                "personalNumber": "{{{exports.personalNumber}}}"
            }
        }
    },
    {
        "name": "ItemPropertyHash",
        "config": {
            "name": "hash_personalNumber",
            "value": "${item.personalNumber}",
            "algorithm": "sha-1"
        }
    },
   {
        "name": "ExportsPut",
        "enabled": true,
        "config": {
            "name": "hash_personalNumber",
            "value": "{{{item.hash_personalNumber}}}",
            "replace": true
        }
     },
     {
        "name": "RemoveItems",
        "config": {}
     },
     {
        "name": "EntraIDListUsers",
        "config": {
            "namespace": "${globals.EntraID.tenant1.namespace}",
            "filter": "startsWith(faxNumber,'{{{exports.hash_personalNumber}}}')",
            "select": "displayName,givenName,surname,mail,userPrincipalName",
            "id_property": "id"
        }
     }
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.fortifiedid.se/use-cases/misc/protect-sensitive-data-such-as-social-security-numbers-through-obfuscation.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.