opentelemetry-js
opentelemetry-js copied to clipboard
open-telemetry
Masking sensitive trace data
In it's current form, opentelemetry transmits all kinds of data to tracing backends that users may want to mask or obfuscate
Do we want to handle this on the collection side or put the burden on tracing backends?
What should the default unconfigured behavior be?
- mask everything
- mask nothing
- attempt to mask intelligently based on heuristics (password field is obviously sensitive)
Is this an issue for the spec?
The semantic convention for db already has some vague wording about "may be masked", but is a more general recommendation from the spec about how and when to mask data something we should think about? https://github.com/open-telemetry/opentelemetry-specification/blob/9c74d46525a7c1e24bace0d51adf214be85c6701/specification/data-database.md
Do we want to handle this on the collection side or put the burden on tracing backends?
Plugins already have options to ignore data, e.g. @opentelemetry/plugin-http.
This makes sense for specific common-ish cases.
Backends could have more sledgehammer approaches with regexes, etc.
What should the default unconfigured behavior be?
Mask nothing. Masking is an exception to the normal behavior, and the API should reflect that.
Is this an issue for the spec?
Not as far as I know.
any update on this issue ? Is there any efficient way of masking sensitive data in traces?
any update on this issue ? Is there any efficient way of masking sensitive data in traces?
There is no general mechanism for this right now. The collector has some filtering facilities. Are you trying to mask something particular?
My understanding is that nowadays, semantic conventions give guidance on how to handle masking. Any modification of metric data beyond that has to be handled on the collector.
Closing as not planned. Of course if there's future spec guidance on it we'll implement that.
