Filtering Sensitive Data

You have complete control over what data is sent to Honeybadger. You can filter request data as well as inspect and filter all other data before it's sent to Honeybadger.

Filtering request data

Honeybadger automatically filters sensitive keys in params, cookies, and environment data. By default, we filter keys containing password or creditcard. When you add a property name to the filters config array, the values will be removed from error reports before they are sent to our servers:

{
  "submit": "Sign Up",
  "password": "[FILTERED]"
}

Here’s an example of configuring additional filters (ssn in this case):

Honeybadger.configure({
  filters: ['password', 'creditcard', 'ssn']
});

With the above config, all keys containing ssn, password, or creditcard will be filtered from request data. Filters are case insensitive; creditcard and creditCard will both match. Filters are not applied to data sent to Honeybadger via the context feature.

Filtering other data

Honeybadger also allows you to inspect and filter all data that is sent to our servers at the time of an error using a Honeybadger.beforeNotify handler.

For example, to filter the URL of the current page when it contains a sensative param name:

Honeybadger.beforeNotify(function(notice) {
  if (/creditCard/.test(notice.url)) {
    notice.url = '[FILTERED]';
  }
});

To filter keys in the context object:

Honeybadger.beforeNotify(function(notice) {
  Object.keys(notice.context).forEach(function(key) {
    if (/creditCard/.test(key)) {
      notice.context[key] = '[FILTERED]';
    }
  });
});

The following notice properties are available in notice objects:

  • notice.stack - The stack trace (read only)
  • notice.backtrace - The parsed backtrace object
  • notice.name - The exception class name
  • notice.message - The error message
  • notice.url - The current url
  • notice.projectRoot - The root url
  • notice.environment - Name of the environment. example: “production”
  • notice.component - Similar to a rails controller name. example: “users”
  • notice.action - Similar to a rails action name. example: “create”
  • notice.fingerprint - A unique fingerprint, used to customize grouping of errors in Honeybadger
  • notice.context - The context object
  • notice.tags - A string comma-separated list of tags
  • notice.params - An object of request parameters
  • notice.session - An object of request session key/values
  • notice.headers - An object of request headers
  • notice.cookies - An object of cookie key/values. May also be sent as a string in the document.cookie “foo=bar;bar=baz” format.

The following additional notice properties are available in afterNotify handlers:

  • notice.id - The UUID of the error in Honeybadger