FAQ & Troubleshooting

Common questions and solutions for using Skifta.

General Questions

Is my data safe? Where does Skifta send my SQL dumps?

Nowhere. Skifta processes everything locally on your machine. Your data never leaves your computer. No cloud services, no external servers, no tracking—just secure, local transformations.

All processing happens in-memory or on disk, depending on file size. No data is ever transmitted over the network.

Is this free?

Yes, Skifta is completely free to use during the alpha period. There are no costs, licensing fees, or hidden charges.

Will this corrupt my database structure?

No. Skifta only transforms data values in specified columns. Your schema, foreign keys, indexes, and relationships remain completely intact.

Skifta parses SQL dumps and only modifies the VALUES within INSERT statements. All CREATE TABLE, ALTER TABLE, and other DDL statements pass through unchanged.

What databases are supported?

Currently supported:

• PostgreSQL (versions 9.x through 16.x)
• MySQL (versions 5.7+)
• SQLite (version 3.x)

MariaDB may work using the mysql dialect, but it's not officially supported yet. See Dialect Support for details.

Can I customize how my data is masked?

Yes. Skifta provides multiple built-in transformers with configurable options in your TOML configuration file. You can specify exactly which transformer to use for each column and customize its behavior.

Example:

[[table.columns]]
name = "email"
transformer = { email = { domain = "example.com" } }

See Transformers for all available options.

How fast is it?

Extremely fast. Skifta can process large SQL dumps in seconds. We've successfully processed 4GB files in approximately 3 seconds on modern hardware.

Performance depends on:

• Hardware (CPU, disk I/O)
• SQL dump size
• Number of transformers configured
• Complexity of transformations

Does it work with my CI/CD pipeline?

Yes. Skifta is a CLI tool that integrates easily into any CI/CD pipeline:

• GitHub Actions
• GitLab CI
• Jenkins
• CircleCI
• Bitbucket Pipelines
• Any system that can run shell commands

See CI/CD Integration for detailed examples.

Configuration Questions

What happens if Skifta misses a PII field?

If you don't specify a column in your configuration, Skifta leaves it unchanged. This is by design—you have complete control over what gets transformed.

Best practice:

1. Review your database schema
2. Identify all PII columns
3. Configure transformers for each one
4. Test on a sample dump first

Can I use Skifta on production databases directly?

Not recommended. Skifta is designed to work with SQL dump files, not live databases.

Recommended workflow:

# 1. Export from production
pg_dump production_db > prod-dump.sql

# 2. Transform the dump
skifta -i prod-dump.sql -o masked-dump.sql

# 3. Import to non-production environment
psql staging_db < masked-dump.sql

This approach:

• Keeps production safe
• Allows verification before import
• Enables versioning of dumps
• Works in offline/air-gapped environments

Does Skifta preserve referential integrity?

Yes. Skifta transformers are deterministic within a single run. This means:

• The same input value always produces the same output value
• Foreign key relationships are preserved
• JOIN operations still work correctly

Example:

-- Before transformation
INSERT INTO users (id, email) VALUES (1, '[email protected]');
INSERT INTO orders (user_id) VALUES (1);

-- After transformation (user_id remains consistent)
INSERT INTO users (id, email) VALUES (1, '[email protected]');
INSERT INTO orders (user_id) VALUES (1);

Can I preview what will be masked before running it?

Yes! Use a small sample to preview transformations:

# Extract first 100 lines
head -100 production-dump.sql > sample.sql

# Transform the sample
skifta -i sample.sql -o preview.sql

# Review the output
cat preview.sql

You can also use diff to see exactly what changed:

diff sample.sql preview.sql

Technical Issues

Skifta command not found after installation

Solution 1: Check installation

ls ~/.cargo/bin/skifta

Solution 2: Add to PATH

export PATH="$HOME/.cargo/bin:$PATH"

# Make permanent (bash)
echo 'export PATH="$HOME/.cargo/bin:$PATH"' >> ~/.bashrc
source ~/.bashrc

# Make permanent (zsh)
echo 'export PATH="$HOME/.cargo/bin:$PATH"' >> ~/.zshrc
source ~/.zshrc

Solution 3: Reinstall

curl --proto '=https' --tlsv1.2 -LsSf https://sh.skifta.dev | sh

"Parse error" or "Failed to parse SQL"

Common causes:

1. Wrong dialect configured

   # Make sure this matches your database
   dialect = "postgres"  # or "mysql" or "sqlite"

2. Unsupported SQL syntax

   • Skifta focuses on INSERT statements
   • Some advanced/proprietary syntax may not be supported

3. Corrupted dump file

   # Check if dump is valid SQL
   head -50 dump.sql

Solution:

• Verify dialect setting
• Test with a small sample first
• Report parsing issues with example SQL

Transformed output looks wrong

Check these:

1. Verify configuration syntax

   # Skifta validates config on run
   skifta -i test.sql -o output.sql

2. Test with minimal config

   dialect = "postgres"
   
   [[table]]
   name = "users"
   columns = [
     { name = "email", transformer = "email" }
   ]

3. Check table/column names match exactly

   • Names are case-sensitive
   • Quotes matter: "User" ≠ User

4. Review transformer options

   • See Transformers for correct syntax

"Permission denied" errors

Solution 1: File permissions

# Make binary executable
chmod +x ~/.cargo/bin/skifta

# Check input file is readable
ls -la input.sql

Solution 2: Output directory permissions

# Ensure output directory exists and is writable
mkdir -p output/
chmod 755 output/

Installation fails on Linux

Common issues:

1. Missing dependencies

   # Ubuntu/Debian
   sudo apt-get update
   sudo apt-get install curl ca-certificates
   
   # CentOS/RHEL
   sudo yum install curl ca-certificates

2. Architecture not supported

   • Skifta supports x86_64 and ARM64
   • Check: uname -m

Compliance & Security

Is Skifta GDPR compliant?

Skifta is a tool that helps you achieve GDPR compliance by masking personal data. Compliance itself depends on how you use it.

Best practices:

• Mask all personal identifiers (name, email, phone, etc.)
• Transform special category data (health, biometric, etc.)
• Document your masking procedures
• Test masked output to ensure no PII remains

Does Skifta meet HIPAA requirements?

Skifta can help you create de-identified datasets that meet HIPAA Safe Harbor requirements by:

• Removing 18 HIPAA identifiers (names, SSNs, emails, etc.)
• Transforming dates while preserving age ranges
• Masking geographic identifiers

However, you are responsible for ensuring your specific use case meets HIPAA requirements. Consult with compliance experts.

Can I use this for PCI DSS compliance?

Yes, for test data generation. Skifta's credit card transformer generates valid-format test cards that are safe for development/testing.

Never use Skifta on live payment card data. PCI DSS has strict requirements for handling real cardholder data.

What data does Skifta collect?

None. Skifta:

• Runs entirely locally
• Doesn't phone home
• Doesn't send telemetry
• Doesn't track usage
• Doesn't require accounts or API keys

Your data and usage patterns are completely private.

Advanced Usage

Can I write custom transformers?

Not currently. Skifta provides built-in transformers only.

Workaround: Use the static transformer to replace values with placeholders, then post-process with your own scripts.

Future plans: We're considering a plugin system for custom transformers. Let us know if this interests you.

Can Skifta detect PII automatically?

Not yet. You must explicitly configure which columns to transform.

Future plans: Automatic PII detection is on the roadmap. It would:

• Scan column names and data types
• Suggest transformers
• Generate starter configurations

Vote for this feature if you'd like it prioritized.

Does it work with database migrations?

Yes, if your migration includes data. Skifta processes SQL dumps, so:

• ✅ Migrations with INSERT statements work
• ✅ Schema migrations pass through unchanged
• ❌ Cannot transform data in live migration runners (Flyway, Liquibase, etc.)

Recommended approach:

1. Export data separately from schema
2. Mask the data dump
3. Apply schema migrations normally
4. Import masked data

Can I run Skifta in a serverless function?

Yes, if the function supports:

• Running binaries (AWS Lambda custom runtimes, Google Cloud Run, etc.)
• Sufficient memory (depends on dump size)
• Adequate timeout (large dumps take time)

Example for AWS Lambda:

1. Build a custom runtime with Skifta
2. Store config in S3
3. Trigger on S3 upload events
4. Process dumps and write back to S3

See CI/CD Integration for Docker setup, which can be adapted for serverless.

Still Need Help?

Before opening an issue:

1. ✅ Check this FAQ
2. ✅ Review Configuration docs
3. ✅ Try with a minimal example
4. ✅ Check existing issues

Opening an issue:

Include:

• Skifta version (skifta --version)
• Operating system and version
• SQL dialect being used
• Minimal reproducible config
• Error message (full output)
• What you expected vs. what happened

Open an issue on GitHub →

Feature requests:

We love feedback! Open a feature request describing:

• The problem you're trying to solve
• Your current workaround (if any)
• Why this would be valuable

Quick Links

• Installing Skifta: Installation and update guide
• Quickstart: Get started in 5 minutes
• Configuration: Complete configuration reference
• Transformers: Available data transformers
• CI/CD Integration: Integrate into your pipelines
• GitHub Issues: Report bugs or request features