Filtering sensitive data

You have complete control over the data that Honeybadger reports when an error occurs. Before data is sent to Honeybadger, it is passed through a filter to remove sensitive fields and do other processing on the data. The default configuration is equivalent to:

    from honeybadger import honeybadger

    honeybadger.configure(
        params_filters=[
            "password",
            "password_confirmation",
            "credit_card",
            "CSRF_COOKIE",
        ]
    )

The params_filters configuration applies to:

  • Request parameters (GET/POST data)
  • Session data
  • Cookies
  • CGI environment variables
  • Local variables (when report_local_variables is enabled)

Any field matching a filter key will have its value replaced with "[FILTERED]". Filtering works recursively on nested dictionaries. For example:

    # Before filtering
    data = {
        "username": "alice",
        "password": "secret123",
        "user_data": {
            "credit_card": "1234-5678-9012-3456"
        }
    }

    # After filtering
    data = {
        "username": "alice",
        "password": "[FILTERED]",
        "user_data": {
            "credit_card": "[FILTERED]"
        }
    }

For more control, you can use a before_notify handler to inspect and modify the notice before it’s sent. This gives you access to request params, session data, CGI variables, and more:

    from honeybadger import honeybadger

    def filter_notice(notice):
        # Remove a specific key from request params
        if "api_token" in notice.params:
            del notice.params["api_token"]

        # Redact session data
        notice.session = {
            k: "[FILTERED]" if k in ("auth_token", "csrf") else v
            for k, v in notice.session.items()
        }
        return notice

    honeybadger.configure(before_notify=filter_notice)
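
A stricter variant of the handler above, as an added example that is not Honeybadger's own code: it matches key names case-insensitively by pattern and also walks lists, going beyond the nested-dictionary case the page describes. The pattern list, the function names and the stand-in notice object are assumptions, as is notice.params being assignable the way notice.session is.

```python
import re
from types import SimpleNamespace

FILTERED = "[FILTERED]"  # same placeholder the page shows

# Assumed key-name patterns; tune these for your application.
SENSITIVE_KEY = re.compile(
    r"password|passwd|secret|token|api[_-]?key|authorization|credit_card|csrf",
    re.IGNORECASE,
)


def scrub(value):
    """Return a copy of value with sensitive keys redacted at any depth."""
    if isinstance(value, dict):
        return {
            k: FILTERED if isinstance(k, str) and SENSITIVE_KEY.search(k) else scrub(v)
            for k, v in value.items()
        }
    if isinstance(value, (list, tuple)):
        return [scrub(v) for v in value]  # dicts inside lists are covered too
    return value


def scrub_notice(notice):
    """before_notify handler: redact params and session, return the notice."""
    notice.params = scrub(notice.params)    # assumes params is assignable
    notice.session = scrub(notice.session)
    return notice


def demo():
    # Constructed stand-in for a notice; only .params and .session are used.
    notice = SimpleNamespace(
        params={
            "username": "alice",
            "X-Api-Key": "k-123",
            "orders": [{"sku": "A1", "credit_card": "1234-5678-9012-3456"}],
        },
        session={"Auth_Token": "abc", "theme": "dark"},
    )
    return scrub_notice(notice)


# Register it the way the page registers filter_notice:
#   from honeybadger import honeybadger
#   honeybadger.configure(before_notify=scrub_notice)
```

A key whose name matches has its whole value replaced, so a nested dictionary stored under such a key is not descended into.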

See Configuration for a full list of available notice properties.