How to redact information from traces?
Closed this issue · 4 comments
Hi there.
Thanks for this library. We're using it for distributed tracing, however we've realised that sometimes PII is being stored in traces - I can't see a way to redact information from traces (like removing passwords, etc) in the documentation. I'll dig into the source code and take a look, but I thought I should ask here to see if anyone had any hints.
Where in the trace are you finding PII? AFAIK we only set metadata that shouldn't contain PII (like the ecto query w/o its parameters for spandex_ecto). If the PII is in trace metadata that you're setting using tags, you'll just need to scrub it yourself ahead of time.
We're seeing it when there's an exception thrown. The stacktrace also contains the arguments passed to the top-most function on the stack (at least in Datadog - I don't know exactly what's sent by spandex). Obviously, we shouldn't be raising so many errors, but it'd be awesome if there was a way for us to filter terms before they're sent.
Ah, yeah that makes sense. I think what might be best is to just provide some kind of "handle_error" callback that is used in the macro syntax/decorators, and leave the rest up to the user. In the meantime (unless you're using decorators), you could define a custom macro that calls the standard "span" and "trace" macros that rescues exceptions and scrubs them or raises a different error.
Thanks for the pointers.