Filtering Sensitive Data

When Honeybadger includes request or environment data in error reports, you may want to exclude sensitive keys. We try to provide sane defaults, but you should always review the data you're reporting to make sure you aren't leaking sensitive information.

There are two types of potentially sensitive data in Honeybadger: Request Parameters and Environment Keys.

Request Parameters

You can filter sensitive request parameters using the request['filter'] configuration option. The value should be an array of keys to filter. Honeybadger filters the following keys by default:

[
    'request' => [
        'filter' => [
            'password',
            'password_confirmation'
        ],
    ],
]

Environment Keys

Honeybadger maintains a whitelist of environment keys, so you don't usually have to worry about leaking sensitive configuration such as API keys or passwords to 3rd-party services.

If you do need to filter some of the default keys, Honeybadger has you covered with the environment['filter'] configuration option. You can also add additional keys to the whitelist with the environment['include'] option, if you're sure you always want to report them:

[
    'environment' => [
        // Environment keys to filter before the payload sent to Honeybadger
        'filter' => [],

        // Additional environment keys to include
        'include' => [],
    ],
]