You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/en/dynamic_instrumentation/sensitive-data-scrubbing.md
+5-3
Original file line number
Diff line number
Diff line change
@@ -11,11 +11,11 @@ further_reading:
11
11
12
12
## Overview
13
13
14
-
Datadog Dynamic Instrumentation enhances the observability and debugging capabilities of your applications by capturing variable data at arbitrary code locations in production environments. It also can craft and evaluate expressions in real-time, and integrate their outputs into log messages or add them as span tags.
14
+
Datadog Dynamic Instrumentation enhances the observability and debugging capabilities of your applications by capturing variable data at arbitrary code locations in production environments. It also can craft and evaluate expressions in real-time, and integrate their outputs into log messages or add them as span tags.
15
15
16
-
While this functionality is powerful, it also presents the possibility of sensitive data leaks, both intentional and unintentional. Alongside the product's robust data capture capabilities, it also provides comprehensive measures to safeguard sensitive information.
16
+
While this functionality is powerful, it also presents the possibility of sensitive data leaks, both intentional and unintentional. Alongside the product's robust data capture capabilities, it also provides comprehensive measures to safeguard sensitive information.
17
17
18
-
By understanding and properly configuring these redaction mechanisms, you can use Dynamic Instrumentation with confidence and security.
18
+
By understanding and properly configuring these redaction mechanisms, you can use Dynamic Instrumentation with confidence and security.
19
19
20
20
## Redact based on identifiers
21
21
@@ -27,6 +27,8 @@ Dynamic Instrumentation automatically redacts values linked to specific identifi
27
27
28
28
You can further tailor redaction by specifying additional identifiers. In your application's environment (not on `datadog-agent`), set the `DD_DYNAMIC_INSTRUMENTATION_REDACTED_IDENTIFIERS` environment variable to a comma-separated list of identifiers such as `firstName,lastName,phoneNumber`.
29
29
30
+
To exclude specific identifiers from the default redaction list, set the `DD_DYNAMIC_INSTRUMENTATION_REDACTION_EXCLUDED_IDENTIFIERS` environment variable to a comma-separated list of identifiers that should not be redacted, such as `cookie,sessionid`.
31
+
30
32
Redaction applies universally, regardless of how the identifier is used in the code (as method arguments, local variables, class attributes, dictionary keys, and so on). The associated values are redacted in your infrastructure and not uploaded to Datadog.
0 commit comments