o11y(email): remove recipient email from telemetry #3185
puckpuck merged 2 commits into open-telemetry:main from
Part of me wants to keep the email attribute on the span data, and add a redaction processor to the collector instead. I think adding a comment in code for the email service that this is deliberate would be a good thing too. Removing the entry in the log makes sense though since that's kinda unstructured and uglier to clean up in a collector.
Kielek left a comment
@puckpuck, I would say that we should show only good patterns here. If you would like to show some sensitive data redaction by the collector, we could introduce a separate, fake "sensitive.data.demo.fake.attribute" and use it for such purposes.
I think that someone can be inspired by or copy-paste the email example into their application.
I like @Kielek's proposal: it highlights a common real-world but undesirable use case, shows how to mitigate it, and clearly sets the expectation that it is an antipattern.
Yeah, let's do that. I'll create an issue for us to add a clearly fake attribute that should be redacted, and a processor to redact it.
Changes
The semantic conventions recommend avoiding capturing PII data unless absolutely necessary. (source)
This PR stops capturing recipient email addresses in telemetry and uses order.id for correlation instead, which should be sufficient for troubleshooting.
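
A regression check for the change described above, as an added example that is not part of the PR or the project's code: it scans span attributes and log lines for address-shaped values and requires `order.id` to be present for correlation. The attribute name `demo.recipient`, the log text, and all sample values are constructed for illustration.

```python
import re

# Deliberately loose pattern: enough to flag address-shaped values in telemetry.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def find_email_leaks(span_attributes, log_lines):
    """Return (location, redacted_value) findings for address-shaped values."""
    findings = []
    for key, value in span_attributes.items():
        # Span attribute values may be scalars or homogeneous lists.
        values = value if isinstance(value, (list, tuple)) else [value]
        for v in values:
            if isinstance(v, str) and EMAIL_RE.search(v):
                findings.append((f"span:{key}", EMAIL_RE.sub("<email>", v)))
    for n, line in enumerate(log_lines, 1):
        if EMAIL_RE.search(line):
            # Report the line with the address masked so the finding itself is safe to store.
            findings.append((f"log:{n}", EMAIL_RE.sub("<email>", line)))
    return findings


def check_order_telemetry(span_attributes, log_lines):
    """Return a list of problems; empty means order.id is present and no address is captured."""
    problems = [location for location, _ in find_email_leaks(span_attributes, log_lines)]
    if not span_attributes.get("order.id"):
        problems.append("span:order.id missing")
    return problems


# Constructed samples. "demo.recipient" is a hypothetical attribute name.
BEFORE_ATTRS = {"order.id": "ord-1001", "demo.recipient": "jane@example.com"}
BEFORE_LOGS = ["Order confirmation email sent to: jane@example.com"]
AFTER_ATTRS = {"order.id": "ord-1001"}
AFTER_LOGS = ["Order confirmation email sent for order: ord-1001"]

if __name__ == "__main__":
    print("before:", check_order_telemetry(BEFORE_ATTRS, BEFORE_LOGS))
    print("after: ", check_order_telemetry(AFTER_ATTRS, AFTER_LOGS))
```
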