Sensitive Data
Redact sensitive data from telemetry at ingestion layer using Control Plane
Sensitive Data automatically detects and redacts personally identifiable information (PII) and other sensitive data from your telemetry at ingestion time — no code changes, no redeploys, no policy updates. For example, if customer phone numbers start appearing in your logs, just create a redaction rule to automatically replace them with asterisks. It’s a faster, simpler alternative to code-level data sanitization.
Create new sensitive data rule
Head to the Control Plane and create a new Sensitive Data Rule.
You can configure rules to scan for different types of Personal Identifiable Information (PII) including email addresses, phone numbers, and credit card numbers. When sensitive data is detected, you can choose to redact it (replace with asterisks) or take no action. Additional labels can be attached to matching samples for filtering and alerts.
Configuration Options
Telemetry Data
Currently supported telemetry type is logs only. All samples for the selected telemetry data will be scanned using the configured rules.
Scan Rules
Choose which types of sensitive data to detect:
- Email - Detects email addresses in your log data
- Phone Number - Identifies phone numbers across various formats
- Credit Card Number - Finds credit card numbers and payment card data
Actions
Available actions for detected sensitive data:
- Redact - Replace matching sensitive data with asterisks (*)
- No Action - Detect and label but don’t modify the data
Additional Labels
Add custom labels (key:value pairs) to samples containing sensitive data. These labels can be used for filtering, alerting, and downstream processing. Common examples:
sensitive_data: true
redacted: true
pii_type: phone
Supported Telemetry Types
Currently supported telemetry type is logs. Support for metrics and traces will be added in future releases.
Troubleshooting
Please get in touch with us on Discord or Email if you have any questions.