Back to Blog Home

Sentry Data Wash Now Offering Advanced Scrubbing

Markus Unterwaditzer image

Markus Unterwaditzer -

Sentry Data Wash Now Offering Advanced Scrubbing

Over the past week, we rolled out access to Advanced Data Scrubbing for all users. If you were one of our Early Adopters, you've known about this for a couple of months. As the name implies, it's an addition to our existing server-side data scrubbing features, meant to provide greater control and more tools to help you choose which data to redact from events.

What is data scrubbing?

One of Sentry's main selling points as an error monitoring platform is the data it collects and aggregates. That not only includes error messages and stack traces but also things like currently visited URL or browser used. It's not a stretch to imagine that a naive service provider collecting such information could quickly pose a threat to end-user privacy. Sentry is not naive.

Sentry implements a number of technical measures to limit the storage of sensitive data. We keep crash reports and other event data for a limited amount of time and our newer SDKs don't send known sensitive fields — such as certain HTTP headers or IP addresses — to Sentry by default. Most relevant in this blog post, our SDKs provide hooks to run your own code on event data before sending it to the server, and settings in the server UI redact ("scrub") keyword-based data prior to saving. For a comprehensive overview, head over to our documentation about sensitive data.

Historically, Sentry's server-side data scrubbing solved two concerns: removing data that seems sensitive (such as, number patterns resembling credit card information), and removing/retaining data based on user-defined keywords.

What's new to data scrubbing?

Server-side data scrubbing settings gives even more control over the detection and removal of sensitive data. Among other updates, now you can:

  • Define custom regular expressions to match data

  • Hash sensitive data rather than remove it

  • Limit each individual "rule" to a subsection of the event, which helps with overzealous data removal

All of this new functionality is exposed via a new rule-based system. Any configuration created is applied in addition to existing data scrubbing settings.

A Simple Example

Here's a quick example of how to use advanced data scrubbing.

Consider a stack trace containing this file path:

The user name may be enough to uniquely identify an end-user. To permanently delete this kind of data, we will:

  • Configure a data scrubbing rule to redact the user name in new events

  • Delete the issue to get rid of existing sensitive data

When you look at your project or organization settings, you'll notice a new "Security & Privacy" sidebar tab.

It's a basic reorg, more or less. Most of what's now on that page used to be under general settings. The only thing we've added is the "Advanced Data Scrubbing" section:

Click on "Add Rule" at the bottom right of the page. You'll see a dialog like this:

After doing all of that and hitting "Save Rule", "newer events" will no longer contain sensitive data:

However, our settings didn't affect previously sent events. If you want to get rid of sensitive data already  processed and stored by Sentry, the best way to do that is by deleting the entire issue to avoid storing sensitive data:

After that, file paths won't show usernames. Head over to our documentation about Advanced Data Scrubbing to learn about all available settings and options.

We're Not Done Yet

We've still got a lot on the horizon. We're building more features to complement server-side scrubbing — including a way to apply data scrubbing settings before it hits our servers and improvements to iterating on scrubbing rules. Stay tuned.

Share

Share on Twitter
Share on Facebook
Share on HackerNews
Share on LinkedIn

Published

Sentry Sign Up CTA

Code breaks, fix it faster

Sign up for Sentry and monitor your application in minutes.

Try Sentry Free

Topics

Sentry

The best way to debug slow web pages

Listen to the Syntax Podcast

Of course we sponsor a developer podcast. Check it out on your favorite listening platform.

Listen To Syntax
    TwitterGitHubDribbbleLinkedinDiscord
© 2024 • Sentry is a registered Trademark of Functional Software, Inc.