Closed jimsynz closed 1 year ago
Where in the trace are you finding PII? AFAIK we only set metadata that shouldn't contain PII (like the ecto query w/o its parameters for spandex_ecto). If the PII is in trace metadata that you're setting using tags, you'll just need to scrub it yourself ahead of time.
We're seeing it when there's an exception thrown. The stacktrace also contains the arguments passed to the top-most function on the stack (at least in Datadog - I don't know exactly what's sent by spandex). Obviously, we shouldn't be raising so many errors, but it'd be awesome if there was a way for us to filter terms before they're sent.
Ah, yeah that makes sense. I think what might be best is to just provide some kind of "handle_error" callback that is used in the macro syntax/decorators, and leave the rest up to the user. In the meantime (unless you're using decorators), you could define a custom macro that calls the standard "span" and "trace" macros that rescues exceptions and scrubs them or raises a different error.
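An added example (not code from this thread or from Spandex) of the "rescue and scrub" idea above, limited to the case reported here: call arguments carried in the top stack frame. `StacktraceScrubber`, `Demo`, `MyApp.Tracer` and `Accounts.login` are hypothetical names, the sample arguments are constructed, and exception messages or fields that may hold PII are not handled.

```elixir
defmodule StacktraceScrubber do
  # A stacktrace entry is {module, function, arity_or_args, location}, or
  # {fun, arity_or_args, location} for anonymous functions. When a call fails
  # to match (e.g. FunctionClauseError) the top entry carries the actual
  # argument list, so replace any such list with its length (the arity).
  def scrub(stacktrace) when is_list(stacktrace) do
    Enum.map(stacktrace, fn
      {mod, fun, args, loc} when is_list(args) -> {mod, fun, length(args), loc}
      {fun, args, loc} when is_list(args) -> {fun, length(args), loc}
      entry -> entry
    end)
  end

  # Runs `fun`; on an exception, re-raises it with the scrubbed stacktrace so
  # an enclosing rescue only ever sees arities. Hypothetical use inside a span
  # body (MyApp.Tracer is an assumed tracer module):
  #
  #     MyApp.Tracer.span "login" do
  #       StacktraceScrubber.scrub_errors(fn -> Accounts.login(email, password) end)
  #     end
  def scrub_errors(fun) when is_function(fun, 0) do
    fun.()
  rescue
    exception -> reraise exception, scrub(__STACKTRACE__)
  end
end

defmodule Demo do
  # Constructed sample: only the atom :guest matches, so a call with strings
  # raises FunctionClauseError with the real arguments in the top frame.
  def login(:guest, _password), do: :ok
end

# Returns the top stack frame seen by whoever rescues the exception.
top_frame = fn fun ->
  try do
    fun.()
  rescue
    _ -> hd(__STACKTRACE__)
  end
end

failing_call = fn -> Demo.login("alice@example.test", "constructed-password") end

IO.inspect(top_frame.(failing_call), label: "unscrubbed")
IO.inspect(top_frame.(fn -> StacktraceScrubber.scrub_errors(failing_call) end), label: "scrubbed")
```

Because the scrubbing happens inside the span body, any rescue further up the call stack receives the exception with arities in place of argument lists.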
Thanks for the pointers.
Hi there.
Thanks for this library. We're using it for distributed tracing; however, we've realised that sometimes PII is being stored in traces - I can't see a way to redact information from traces (like removing passwords, etc.) in the documentation. I'll dig into the source code and take a look, but I thought I should ask here to see if anyone had any hints.