The first way is to use pg_dump. To make sure that the
masking takes place, you need to pass the --masked
option
to the
pg_dump application. Then just restore the dump
on another server - typically one that can be accessed by users who are not
supposed to access the non-masked data.