PIIcomputerAndDate

Last updated: June 9, 2026

The PIIcomputerAndDate policy check identifies highly-sensitive computer-related and date information in your database changelogs, helping prevent PII data exposure. This check employs the Phileas library of Identifiers to scan INSERT and UPDATE SQL statements in your changesets for computer-related identifiers such as IP addresses, MAC addresses, URLs, and date strings. When the check detects potential computer or date data, it flags the changelog and can block deployment, protecting your organization from accidentally committing sensitive technical information to version control or deploying it to your databases. This check is especially valuable in environments subject to data minimization requirements under GDPR, CCPA, and similar privacy regulations.

Scope

Database

changelog

Any SQL database

Before you begin

  • Create a Check Settings file

  • Update any existing Check Settings file to 5.2+ by running liquibase checks show --auto-update=ON to ensure the PIIcomputerAndDate check appears on the list of checks.

  • (Maven users only) Add the liquibase-checks dependency to your pom.xml file. See Add extensions with Maven for more information.

  • Ensure you have Java 17+ installed. If you used the Liquibase Installer, Java is included automatically. Otherwise, you must install Java manually.

Procedure

1

Enable the PIIcomputerAndDate check

This check is disabled by default. To enable it, run the checks enable command: liquibase checks enable --check-name=PIIcomputerAndDate

2

Customize the check.

After enabling PIIcomputerAndDate, run checks customize to configure the check's behavior. This command lets you set which computer and date identifiers to scan for, the message displayed when a violation is found, and additional identifier-specific options.

Command: liquibase checks customize --check-name=PIIcomputerAndDate

Liquibase prompts you to set these parameters:

  1. Severity — The return code generated on a violation. Options: INFO|0, MINOR|1, MAJOR|2, CRITICAL|3, BLOCKER|4. Default: INFO.

  2. COMPDATE_IDENTIFIERS — The computer and date data types to scan for. Accepts ALL or a comma-separated list of: IP_ADDRESS, MAC_ADDRESS, URL, DATE. Default: ALL.

  3. MESSAGE — The message displayed when a violation is found. The default message includes the detected data type, statement type, statement number, line number, and position.

If DATE is included in COMPDATE_IDENTIFIERS, Liquibase also prompts for:

  1. DATE_VALIDATE — Only detect valid calendar dates, reducing false positives from date-like number sequences. Options: true, false. Default: false.

Example output:

Short Name

Category

Description

Customization

Status

Severity

Scope

Type

PIIcomputerAndDate

Sensitive Data

Identifies highly-sensitive Computer-related and Date information, helping avoid PII data exposure in highly-regulated environments.

COMPDATE_IDENTIFIERS = ALL MESSAGE = Policy violation: raw {filter_type} detected in {stmt_type} at statement #{statement_number}, line {line_number}, positions {start}-{end}.{file_line_info} DATE_VALIDATE = false

enabled

0

changelog

sql, xml, yaml, json

3

Run the checks run command

After enabling and customizing the PIIcomputerAndDate check, run it against your changelog to detect the computer and date identifiers you have configured. Your customized check is stored in your checks settings file.

To run checks with a custom settings file, use the --checks-settings-file parameter. If you don't specify this parameter, Liquibase uses the default liquibase.checks-settings.conf file. You can also use the --changelog-file flag to target a specific changelog.

Checks settings file example: liquibase checks run --checks-settings-file=path_to_my_file_name.yaml

Checks settings file and specific changelog file example: liquibase checks run --checks-settings-file=<path_to_my_file_name>.yaml --changelogfile --<your_changelog_here>.sql

Note: If you run liquibase update with a checks settings file configured, the checks run automatically as part of the update process.

liquibase checks run --checkname < yourCustomizedCheckName > --changelogfile --< yourChangelogHere >.sql

liquibase checks run --checks-settings-file=my_file_name.yaml
4

Analyze the results in the terminal output.

When the PIIcomputerAndDate check finds sensitive data in the changelog, you will see output similar to this in the terminal:

CHANGELOG CHECKS ---------------- Checks completed validation of the changelog and found the following issues: Check Name: PII (Computer and Date) Information detection (PIIcomputerAndDate) Changeset ID: compdate-1 Changeset Filepath: my-changelog.sql Check Severity: INFO (Return code: 0) Message: Policy violation: raw IP-ADDRESS detected in INSERT at statement #1, line 1, positions 54-67. Check Name: PII (Computer and Date) Information detection (PIIcomputerAndDate) Changeset ID: compdate-2 Changeset Filepath: my-changelog.sql Check Severity: INFO (Return code: 0) Message: Policy violation: raw MAC-ADDRESS detected in INSERT at statement #1, line 1, positions 56-73. Changesets Validated: in my-changelog.sql ID: compdate-1; Author: test ID: compdate-2; Author: test Checks run against each changeset: PII (Computer and Date) Information detection (Short names: PIIcomputerAndDate)

The output identifies the check name, changeset ID, file path, severity, and the exact location of the detected computer or date data in the changelog.

Results

Now you can see how the check runs and what the results look like when it flags an issue within the changelog.

You can then remove, mask, or handle the sensitive computer or date information appropriately before committing changes to your database.