View Source Sentry.Scrubber (Sentry v13.1.0)
Shared, framework-agnostic helpers for scrubbing sensitive data before it is sent to Sentry.
Available since v13.1.0.
This module owns the default sensitive key lists, the placeholder used in
place of redacted values, the credit-card detection heuristic, and the
recursive map/list traversal used by the rest of the SDK to redact values.
Integrations such as Sentry.PlugContext, Sentry.PlugCapture, and
Sentry.LiveViewHook delegate to the functions exposed here so that
scrubbing rules live in a single place.
Defaults
The default sensitive parameter keys (used for body params, query strings, and arbitrary maps) are:
"password""passwd""secret"
The default sensitive header keys are:
"authorization""authentication""cookie"
Values matching a credit-card-like pattern (13–16 digits, optionally separated by spaces or dashes) are also replaced with the placeholder.
Custom scrubbing
All public functions accept an optional :keys option that overrides the
default list of sensitive keys. This makes it possible to compose custom
scrubbers on top of the defaults:
def scrub(map) do
map
|> Sentry.Scrubber.scrub_map(keys: ["password", "api_key"])
|> Map.drop(["internal_notes"])
endSummary
Functions
Returns the default list of sensitive header keys.
Returns the default list of sensitive parameter keys.
Drops sensitive keys from a flat map.
Recursively scrubs a list, applying the same rules as scrub_map/2 to any
maps it contains.
Recursively scrubs a map.
Scrubs an application/x-www-form-urlencoded query string, replacing the
value of any sensitive parameter with the placeholder.
Scrubs the query string portion of a URL, replacing the value of any sensitive query parameter with the placeholder. URLs without a query string are returned unchanged.
The placeholder string used to replace scrubbed values.
Types
@type option() :: {:keys, [String.t()]}
Options accepted by the scrubbing functions in this module.
Functions
@spec default_header_keys() :: [String.t()]
Returns the default list of sensitive header keys.
@spec default_param_keys() :: [String.t()]
Returns the default list of sensitive parameter keys.
Drops sensitive keys from a flat map.
This is the strategy used for HTTP headers, where the sensitive value should not appear in the payload at all.
Options
:keys- the list of sensitive keys to drop. Defaults todefault_header_keys/0.
Recursively scrubs a list, applying the same rules as scrub_map/2 to any
maps it contains.
Options
See scrub_map/2.
Recursively scrubs a map.
Any value whose key is in the configured sensitive key list is replaced with the placeholder. Values matching the credit-card pattern are also replaced. Nested maps, structs, and lists are scrubbed recursively.
Options
:keys- the list of sensitive keys to redact. Defaults todefault_param_keys/0.
Scrubs an application/x-www-form-urlencoded query string, replacing the
value of any sensitive parameter with the placeholder.
Options
See scrub_map/2.
Scrubs the query string portion of a URL, replacing the value of any sensitive query parameter with the placeholder. URLs without a query string are returned unchanged.
Options
See scrub_map/2.
@spec scrubbed_value() :: String.t()
The placeholder string used to replace scrubbed values.