There should be a way to programmatically remove sensitive/identifying information from the foreman database, but still allow it to be used to model, for example, unfortunate query behaviors (such as N+1 queries), etc.

We have developed a process for doing this, which involves a script and a second machine. The process is destructive to the database, so we wouldn't want to run this script on the production instance.

The outline of the process is as follows:

• Export a database snapshot
• Load the snapshot on a “safe” test machine
• Change the production access restrictions (i.e. change the database password for the foreman user in the DB)
• Perform the following data transformations:
o Delete authentication sources that are not internal (i.e. LDAP integrations)
o Set the admin user password to “changeme”
o Delete all non-admin users
o Obfuscate all non-smartclass parameters to the string “Overridden”
o Set all Foreman global settings to their defaults
o Change all parameter overrides to obfuscated strings that are syntactically legal but not useful.
o Purge all user sessions
o Purge all audit records

What the database still does have is all of our regular hostnames, fact, and report data.

I’ve validated that the resulting database can be used with a standalone application instance, and can be used (for example) to explore expensive database queries, fact queries, etc.