Add option to redact (mask) sensitive URL parameters like ?password=... or ?token=... #6987
Labels
area: instrumentation
Related to an instrumentation package
enhancement
New feature or request
instrumentation: otelhttp
Comments
Mazgis47
added
area: instrumentation
|
There is a plugin that allows doing that more broadly than just within otelhttp. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Problem Statement
Some of the external APIs use authentication via URL parameters e.g.:
https://myapi.com/query?token=abcdWhen using otelhttp Transport, transaction contains sensitive information in the attributes like http.url.
Proposed Solution
Have an Option to pass, something like WithParameterRedact(keysToSanitize []string), to the function:
func NewTransport(base http.RoundTripper, opts ...Option) *TransportWhich would replace actual token with the masked string like
?token=xxxxxAlternatives
Prior Art
See alternatives
Additional Context
I just need this option to protect sensitive data leakage.
The text was updated successfully, but these errors were encountered: