How to use ApexSQL Mask in ApexSQL Manage

Sensitive data shown in ApexSQL Mask

Applies to

ApexSQL Manage


Managing SQL Server instances often requires various angles of approach depending on the nature of the given tasks. From performing server and database maintenance to health checks, there are several procedures a DBA must implement in order to perform their tasks. While certain tasks can be streamed together, some require a totally different set of tools to be completed in order to improve database security, for example database masking. Masking SQL Server data improves overall security of the SQL Server environment by hiding sensitive data.


This article serves as a guide on how to use ApexSQL Mask from ApexSQL Manage to mask sensitive data.

Using ApexSQL Mask

In order to use ApexSQL Mask from ApexSQL Manage, a SQL Server instance must be discovered and added in ApexSQL Manage, detailed information on the discovering and adding SQL Servers process can be found in the article How to discover SQL Server instances, SSRS, SSAS and SSIS services across the network.

Once this process is completed and ApexSQL Manage is connected to the desired instances, go to the Tools tab in the main ribbon menu.

Tools tab in ApexSQL Manage containing ApexSQL Mask

Check the desired instance from the shown grid that contains a database with sensitive data and click the Mask button. This will run ApexSQL Mask with the dialogue to establish connection to appropriate instance.

Selecting SQL Server instances in ApexSQL Manage for masking sensitive data with ApexSQL Mask

The instance that ApexSQL Mask connection dialogue will pick automatically is the one that was checked in ApexSQL Manage. From here, simply select a database that contains sensitive data and click on the Connect button in order to continue with the masking configuration. For this example, AdventureWorksDW database will be used:

Running ApexSQL Mask from ApexSQL Manage

While ApexSQL Mask is connecting to the desired SQL Server instance and database, the tool will automatically scan the database for sensitive data and show columns that contain the said data. To toggle between different views, All columns or Classified buttons from the Display group can be used to show all the columns in the database or just the columns that have been auto-detected as sensitive:

Sensitive data shown in ApexSQL Mask

If ApexSQL Mask is not installed on the local machine, where ApexSQL Manage is running, clicking on the Mask button will result in prompted message saying that ApexSQL Mask is not installed and will offer to download the tool and install it:

Message from ApexSQL Manage notifying that ApexSQL Mask is not installed

When ApexSQL Mask is successfully installed, clicking the Mask button again will result in actions described above.

Detailed information on ApexSQL Mask and the tool’s features related to this topic are:


ApexSQL Manage components

SQL server instance manage tool central repository database layout in SQL Server Management Studio

Applies to:

ApexSQL Manage


DBAs are typically cautious of what they allow to run on their production environment. It goes without saying that this is the best practice that enforces tighter security. After all, it is the DBA’s responsibility that the database or SQL Server instance is not compromised nor its efficiency reduced.

Configuring Azure DevOps build-release pipelines with ApexSQL DevOps toolkit plugin

ApexSQL DevOps toolkit tasks

Applies to:

ApexSQL DevOps toolkit – Azure DevOps plugin


Standard usage of Azure DevOps pipelines implies that projects are built with the build pipelines, where deploy artifacts would be created, and deployed through the release pipelines. This concept is supported with the ApexSQL DevOps toolkit extension for Azure DevOps when it comes to SQL database projects and this article will explain necessary configuration within ApexSQL integrated tasks to setup this workflow.

Minimal permissions for Amazon RDS in database source control

Granting necessary permissions in the Database Properties window for the newly created user for the shared model

Applies to

ApexSQL Source Control


In this article, all needed database user permissions for linking Amazon Relational Database Service (Amazon RDS) to a source control repository and working with it in the database source control using ApexSQL Source Control will be explained.

When working with Amazon RDS be sure to use the endpoint name of the server that contains in its name for the connection in SQL Server Management Studio.