DevOps Integration

DataMasker in Your Salesforce DevOps Pipeline

DataMasker exposes a REST API. Trigger masking from Copado, Gearset, Flosum, GitLab, AutoRabit, or Jenkins. Sandbox refresh and masking run as one automated pipeline step with no manual intervention, no ticket, no delay.

How the API Works

Trigger masking from any pipeline in three steps

1

POST to trigger

Call the DataMasker REST API after your sandbox refresh completes. Pass a configuration ID (a reference to the masking rules you set up once in DataMasker's UI). One line. No complex payload.

2

Poll or webhook

Poll the status endpoint or register a webhook callback URL. When masking completes, DataMasker fires the callback. Your pipeline advances automatically.

3

Sandbox is ready

The sandbox is fully masked. All PII replaced. Execution log available in Salesforce showing every object processed, record count, and completion time.

Copado Walkthrough

What it looks like inside Copado

Based on a live Copado integration demo. Your Salesforce org on the left, your sandbox on the right. DataMasker runs between deployment and developer access.

1

Add a DataMasker step to your Copado deployment

Inside Copado, create a deployment step that calls the DataMasker REST API. In a real pipeline this step sits after metadata migration, data seeding, and any other setup steps. It is the final step before developers receive sandbox access.

2

Pass a configuration ID: one line of code

The DataMasker API call takes a single configuration ID that specifies exactly which objects and fields to mask. One configuration might mask all Lead records; another might mask Contacts, Accounts, and Cases. You set up these configurations once in DataMasker's UI, then reference them by ID from your pipeline.

3

Copado authenticates automatically

Because Copado is already pre-authenticated with the target sandbox, DataMasker operates in the context of Salesforce security automatically. No separate credentials or API key setup for each sandbox. The right permissions are inherited from your Copado connection.

4

DataMasker executes inside the sandbox

DataMasker receives the API call and immediately begins masking inside the sandbox, replacing names with realistic substitutes, redirecting email addresses, applying any custom patterns you have configured. First and last names are randomly populated. Email addresses are replaced. Custom field values (like hardcoded text in a Title field) are set exactly as configured.

5

Execution log confirms what changed

After masking completes, the DataMasker execution log shows every object processed, record count, and completion status. All of this is queryable from inside Salesforce. The log confirms what masking ran, when it ran, and how many records were processed, providing an audit trail your compliance team can reference.

2–3.5M

Records masked in seconds via Copado-triggered pipeline

DataMasker uses a proprietary bulk Apex technique. In the live Copado demo, a masking run on a small sandbox started and completed in under 30 seconds. Execution logs showed all records processed. For larger orgs, the same API call pattern scales to millions of records across any number of objects.

Supported Platforms

Works with your existing DevOps toolchain

Copado

Native step available

Add a DataMasker step inside your Copado deployment. Copado is already pre-authenticated with the target sandbox. DataMasker operates in the context of Salesforce security automatically. One API call with a configuration ID is all that is required.

Copado passes the sandbox context to DataMasker. No separate authentication setup. Masking executes inside the sandbox as part of your existing Copado deployment workflow.

Gearset

REST API integration

Integrate DataMasker with Gearset deployment pipelines via REST API. Masking executes after each sandbox refresh; every environment in your Gearset pipeline contains masked data automatically.

Call DataMasker after Gearset's sandbox seeding step. Pass the configuration ID and sandbox name. Poll for completion or use webhook callback before advancing the pipeline.

Flosum

REST API integration

Add DataMasker to Flosum deployment workflows. Masking is triggered as a post-deployment step, keeping all Flosum-managed environments compliant without manual intervention.

Works with Flosum's existing post-deployment hook pattern. DataMasker configuration IDs allow different masking rules per environment type.

AutoRabit

REST API integration

Connect DataMasker to AutoRabit pipelines via REST API. Sandbox environments provisioned by AutoRabit receive automatic masking without a separate manual step.

Trigger masking as an AutoRabit post-deployment action. Execution logs are stored in DataMasker and queryable from Salesforce.

GitLab / GitHub Actions

REST API + webhook

Trigger DataMasker masking jobs from GitLab CI/CD or GitHub Actions using the REST API. Masking becomes a standard CI pipeline stage alongside tests, metadata deployment, and data seeding.

curl or any HTTP client can call the DataMasker REST API. Webhook callback fires when masking completes, signaling the next pipeline stage to proceed.

Jenkins

REST API integration

Call DataMasker's REST API from Jenkins pipelines. Works with any Jenkins-based Salesforce deployment workflow: standard HTTP step or groovy script.

Integrates with existing Jenkins Salesforce pipelines. No plugin required: plain REST API call with polling or webhook pattern.

Frequently Asked Questions

See DataMasker in your DevOps pipeline

We will walk through integration with your specific tool (Copado, Gearset, or custom pipeline) in a 30-minute technical session.

Schedule a Technical DemoHow DataMasker Works