Data Redaction

Our agent lets you define custom data redaction functions. Use them when you don't want sensitive data from your application to be captured in the developer's frontend.

In the following example, a simple Flask server defines the /auth endpoint on line 24. The handler sets a sensitive variable called secret on line 25, which you do not want to be captured in tracepoints. Suppose you also do not want any dynamic log messages in this function.

def tracepointRedactFunc(vals):
    if "auth.py" in vals["file_name"] or "auth" in vals["method_name"]:
        for var in vals["frames"][0].variables.variables:
            if var.name == "secret":
                var.value = "XXXXXXXXX"

def logRedactFunc(vals):
    if "auth.py" in vals["file_name"] or "auth" in vals["method_name"]:
        vals["log_expression"] = "REDACTED!!"

import heimdall
heimdall.start(
    tracepoint_data_redaction_callback=tracepointRedactFunc,
    log_data_redaction_callback=logRedactFunc,
    apikey="{COMPANY API KEY}"
)

import requests
from flask import Flask

app = Flask(__name__)

@app.route("/auth")
def auth():
    secret = "SENSITIVE DATA"
    return f"The secret is: {secret}"

You can set the configuration parameters tracepoint_data_redaction_callback and log_data_redaction_callback when starting heimdall to register the custom callback functions. The vals argument contains the keys file_name and method_name, which can be used to determine where the data is coming from. Data can be redacted as shown in the example above.
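
The following is an added example, not code from the agent or its documentation. It generalizes the tracepoint callback above to mask variables by name pattern in every captured frame and to fail closed on an unexpected payload. It assumes that every entry in vals["frames"] has the same shape as frames[0] and that the agent reads vals back after the callback returns, as the log callback above implies; the name pattern, helper functions and sample payload are constructed for illustration.

```python
import re
from types import SimpleNamespace as NS

# Name fragments treated as sensitive (assumed list; adjust to your code base).
SENSITIVE = re.compile(r"secret|passw|token|api_?key|credential", re.I)
MASK = "XXXXXXXXX"

def redact_tracepoint(vals):
    """Mask sensitive-looking variables in every captured frame."""
    try:
        for frame in vals["frames"]:
            for var in frame.variables.variables:
                if SENSITIVE.search(var.name):
                    var.value = MASK
    except Exception:
        # Fail closed: if the payload shape is unexpected, drop all frames
        # rather than letting unredacted values through (assumes the agent
        # uses the mutated vals).
        vals["frames"] = []

def redact_log(vals):
    """Blank dynamic log expressions coming from auth code, as on the page."""
    if "auth.py" in vals["file_name"] or "auth" in vals["method_name"]:
        vals["log_expression"] = "REDACTED!!"

def sample_vals():
    """Constructed payload mimicking the shape used in the page's example."""
    def frame(**variables):
        items = [NS(name=k, value=v) for k, v in variables.items()]
        return NS(variables=NS(variables=items))
    return {
        "file_name": "app.py",
        "method_name": "auth",
        "log_expression": "constructed log expression",
        "frames": [frame(secret="SENSITIVE DATA", user="alice"),
                   frame(db_password="hunter2", retries=3)],
    }

def captured(vals):
    """Flatten frames to {name: value} for inspection."""
    return {v.name: v.value for f in vals["frames"] for v in f.variables.variables}

if __name__ == "__main__":
    vals = sample_vals()
    redact_tracepoint(vals)
    redact_log(vals)
    print(captured(vals), vals["log_expression"])
```

These functions would be passed to heimdall.start through the same two callback parameters shown above.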
