Mask Sensitive Data
This processor is only available in BindPlane OP Enterprise. Learn more here.
Mask Sensitive Processor
The Mask Sensitive Data processor can be used to detect and mask sensitive data.
Supported Types
| Metrics | Logs | Traces |
|---|---|---|
| ✓ | ✓ | ✓ |
Configuration Table
| Parameter | Type | Default | Description |
|---|---|---|---|
| telemetry_types | strings | [Metrics, Logs, Traces] | Which types of telemetry to apply masking rules to. |
| rules* | map | See default rules | Regular expression to detect sensitive data. |
| exclude | strings | A list of json dot notation fields that will be excluded from masking. The prefixes resource, attributes, and body can be used to indicate the root of the field. |
*required field
Default rules Values
rules Valuesemail:\b[a-zA-Z0-9._\/\+\-—|][email protected][A-Za-z0-9.\-—|]+\.?[a-zA-Z|]{0,6}\bssn:\b\d{3}[- ]\d{2}[- ]\d{4}\bcredit_card:\b(?:(?:(?:\d{4}[- ]?){3}\d{4}|\d{15,16}))\bphone:\b((\+|\b)[1l][\-\. ])?\(?\b[\dOlZSB]{3,5}([\-\. ]|\) ?)[\dOlZSB]{3}[\-\. ][\dOlZSB]{4}\bipv4:\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b
Example Configuration
Basic Configuration
Below is an example of configuration using the defaults.
Web Interface
Standalone Processor
apiVersion: bindplane.observiq.com/v1
kind: Processor
metadata:
id: mask_sensitive_data
name: mask_sensitive_data
spec:
type: mask_sensitive_data
parameters:
- name: telemetry_types
value: ["Metrics", "Logs", "Traces"]
Custom rules and Exclusions
This example shows using a custom rule to mask words over 10 characters. It also excludes the resource attribute ip from being considered for masking.
Web Interface
Standalone Processor
apiVersion: bindplane.observiq.com/v1
kind: Processor
metadata:
id: mask_sensitive_data
name: mask_sensitive_data
spec:
type: mask_sensitive_data
parameters:
- name: telemetry_types
value: ["Metrics", "Logs", "Traces"]
- name: rules
value:
long_word: '\w{10,}'
- name: exclude
value: ["resource.ip"]
Updated about 1 month ago