The redgate/tdm  Docker image includes the rganonymize  and rgsubset  CLI binaries alongside the web application. By overriding the container entrypoint, you can run either tool directly, without launching the UI.

This lets you run anonymisation or subsetting as a step in a CI/CD pipeline, without installing anything on your build agents.

How it works

Override the default entrypoint when running the container: 

docker run --rm --entrypoint /app/rganonymize redgate/tdm [command] [args] 

• --rm removes the container once the command exists, so stopped containers don't accumulate on your runner.
• –entrypoint /app/rganonymize  replaces the default process (the TDM web app) with the CLI binary.
• Everything after the image name is passed to the binary as arguments: subcommands, flags, connection strings, and so on.

Anonymisation commands

Run rganonymize  subcommands by passing them after the image name: 

Classify sensitive columns in your database

docker run --rm --entrypoint /app/rganonymize redgate/tdm classify [args]

 Generate a masking map

docker run --rm --entrypoint /app/rganonymize redgate/tdm map [args]

Mask the data

docker run --rm --entrypoint /app/rganonymize redgate/tdm mask [args]

For the full list of arguments for each subcommand, see the rganonymize CLI reference.

Subsetting

Use rgsubset  the same way:

docker run --rm --entrypoint /app/rgsubset redgate/tdm run [args] 

For the full list of arguments, see the rgsubset CLI reference.

Use in a pipeline

Each invocation is a standard docker run  command, so it works in any CI/CD pipeline that has Docker available. Pass your database connection details and configuration as arguments, and the container exits when the operation completes.