Considerations
Before enabling pii masking, please note the following:
- This action masks span attribute values by replacing only the sensitive portions with
****
, while leaving the rest of the value intact. - The regex used for masking are predefined for each PII category and cannot be configured.
- Currently, only trace signals are supported.
- All span attribute values in every span will be examined and masked accordingly.
Use Cases
Security- By default, OpenTelemetry should not record PII (Personally Identifiable Information) or sensitive data such as passwords, api tokens, etc. However, if the data is accidentally added to the telemetry signals, or if a manual instrumentation recorded it into an attribute, this action can be used to mask such data.
- Ensure compliance with legal and privacy.
- Payment Card Industry (PCI) Data Security Standards prohibit logging certain things or storing them unencrypted.
Configuration Options
The PiiMasking action is configured using theodigos.io/v1alpha1.Action
CRD with the piiMasking
configuration section.
actionName
actionName
actionName
string
: Allows you to attach a meaningful name to the action for convenience.- This field is optional
- Odigos does not use or assume any meaning from this field
notes
notes
notes
string
: Allows you to attach notes regarding the action for convenience.- This field is optional
- Odigos does not use or assume any meaning from this field
disabled
disabled
disabled
boolean
: Allows you to temporarily disable the action, but keep it saved for future use.- This field is optional, and defaults to
false
signals *
signals *
signals
string[]
: An array with the signals that the action will operate on.- This field is required
- Supported values:
TRACES
piiMasking *
piiMasking *
piiMasking
object
: Configuration for the PiiMasking action.- This field is required for this action type
piiCategories *
piiCategories *
piiCategories
string[]
: An array of strings representing the PII Category you want to mask.- This field is required
- The available PII categories are:
CREDIT_CARD
- mask Visa and MasterCard credit card numbers
Can’t find the PII category you need? Please Contact us and we will add it for you
Basic Example
The following example demonstrates how to configure the Pii Masking action to mask Visa and MasterCard credit card numbers from span attribute values using the new Action CRD.1
Create a YAML file with the following content:
pii-masking.yaml
2
Apply the action to the cluster: