The first way is to use pg_dump. To make sure that the masking takes place, you need to pass the --masked option to the pg_dump application. Then just restore the dump on another server - typically one that can be accessed by users who are not supposed to access the non-masked data.