Open Math3v opened 3 years ago
There's currently no automatic/manual way to instruct the SDK to scrub potentially sensitive properties.
import { datadogLogs } from '@datadog/browser-logs' datadogLogs.logger.info('Button clicked', { name: 'buttonName', id: 123, password: 'myPlainTextPassword' })
Would it be possible to add a configuration or do it even automatically similar to e.g. Rollbar?
https://docs.rollbar.com/docs/rollbarjs-configuration-reference
Default scrubbed fields for servers: ["pw", "pass", "passwd", "password", "password_confirmation", "passwordConfirmation", "confirm_password", "confirmPassword", "secret", "secret_token", "secretToken", "secret_key", "secretKey", "api_key", "access_token", "accessToken", "authenticity_token", "oauth_token", "token", "user_session_secret", "request.session.csrf", "request.session._csrf", "request.params._csrf", "request.cookie", "request.cookies"] Default scrubbed fields for browsers: ["pw", "pass", "passwd", "password", "secret", "confirm_password", "confirmPassword", "password_confirmation", "passwordConfirmation", "access_token", "accessToken", "secret_key", "secretKey", "secretToken", "cc-number", "card number", "cardnumber", "cardnum", "ccnum", "ccnumber", "cc num", "creditcardnumber", "credit card number", "newcreditcardnumber", "new credit card", "creditcardno", "credit card no", "card#", "card #", "cc-csc", "cvc2", "cvv2", "ccv2", "security code", "card verification", "name on credit card", "name on card", "nameoncard", "cardholder", "card holder", "name des karteninhabers", "card type", "cardtype", "cc type", "cctype", "payment type", "expiration date", "expirationdate", "expdate", "cc-exp"]
This could be extended to the existing scrubbable properties as well: https://docs.datadoghq.com/real_user_monitoring/browser/advanced_configuration/?tab=npm#scrub-sensitive-data-from-your-rum-data so that emails, passwords, tokens will be automatically scrubbed from urls, error stacks, etc.
urls
Hello @Math3v,
You could use beforeSend to manually scrub sensitive data from fields collected by the SDK. No plans for now for automatic scrubbing.
There's currently no automatic/manual way to instruct the SDK to scrub potentially sensitive properties.
Would it be possible to add a configuration or do it even automatically similar to e.g. Rollbar?
https://docs.rollbar.com/docs/rollbarjs-configuration-reference
This could be extended to the existing scrubbable properties as well: https://docs.datadoghq.com/real_user_monitoring/browser/advanced_configuration/?tab=npm#scrub-sensitive-data-from-your-rum-data so that emails, passwords, tokens will be automatically scrubbed from
urls
, error stacks, etc.