Filtering Sensitive Data

You have complete control over the data that Honeybadger reports when an error occurs. You can filter specific attributes or disable the reporting of entire sections of data.

Filtering Specific Attributes

By default, we filter the password and password_confirmation, as well as any params specified in Rails' params_filters.

You can configure the gem to filter additional data from the params, session, environment and cookies hashes. To do so, use the request.filter_keys setting.

When you add an attribute name to request.filter_keys, that attribute will be removed from any exceptions before they are reported to us.

Here's an example honeybadger.yml:

request:
  filter_keys:
    - password
    - password_confirmation
    - credit_card_number

The configuration above will filter out params[:credit_card_number], session[:credit_card_number], cookies[:credit_card_number], and Rails.env["credit_card_number"], as well as the password and password_confirmation attributes.

Regular expressions (regex) are also allowed. The configuration below will filter out any keys that are named anything matching /credit_card/i.

request:
  filter_keys:
    - !ruby/regexp '/credit_card/i'

Disable Data Completely

You can turn off reporting of params, session and environment data entirely. Here are the configuration options to do it:

request:
  disable_session: true # Don't report session data
  disable_params: true # Don't report request params
  disable_environment: true # Don't report anything from Rack ENV
  disable_url: true # Don't report the request URL