Mask Sensitive Data

🚧

This processor is only available in BindPlane OP Enterprise. Learn more here.

Mask Sensitive Processor

The Mask Sensitive Data processor can be used to detect and mask sensitive data.

Supported Types

MetricsLogsTraces

Configuration Table

ParameterTypeDefaultDescription
telemetry_typesstrings[Metrics, Logs, Traces]Which types of telemetry to apply masking rules to.
rules*mapSee default rulesRegular expression to detect sensitive data.
excludestringsA list of json dot notation fields that will be excluded from masking. The prefixes resource, attributes, and body can be used to indicate the root of the field.

*required field

Default rules Values

  • email: \b[a-zA-Z0-9._\/\+\-—|][email protected][A-Za-z0-9.\-—|]+\.?[a-zA-Z|]{0,6}\b
  • ssn: \b\d{3}[- ]\d{2}[- ]\d{4}\b
  • credit_card: \b(?:(?:(?:\d{4}[- ]?){3}\d{4}|\d{15,16}))\b
  • phone: \b((\+|\b)[1l][\-\. ])?\(?\b[\dOlZSB]{3,5}([\-\. ]|\) ?)[\dOlZSB]{3}[\-\. ][\dOlZSB]{4}\b
  • ipv4: \b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b

Example Configuration

Basic Configuration

Below is an example of configuration using the defaults.

Web Interface

Standalone Processor

apiVersion: bindplane.observiq.com/v1
kind: Processor
metadata:
  id: mask_sensitive_data
  name: mask_sensitive_data
spec:
  type: mask_sensitive_data
  parameters:
    - name: telemetry_types
      value: ["Metrics", "Logs", "Traces"]

Custom rules and Exclusions

This example shows using a custom rule to mask words over 10 characters. It also excludes the resource attribute ip from being considered for masking.

Web Interface

Standalone Processor

apiVersion: bindplane.observiq.com/v1
kind: Processor
metadata:
  id: mask_sensitive_data
  name: mask_sensitive_data
spec:
  type: mask_sensitive_data
  parameters:
    - name: telemetry_types
      value: ["Metrics", "Logs", "Traces"]
    - name: rules
      value:
        long_word: '\w{10,}'
    - name: exclude
      value: ["resource.ip"]