Skip to content
Honeybadger Docs

Filtering sensitive data

You have complete control over the data that Honeybadger reports when an error occurs. Before data is sent to Honeybadger, it is passed through a filter to remove sensitive fields and do other processing on the data. The default configuration is equivalent to:

from honeybadger import honeybadger
honeybadger.configure(
    params_filters=[
        "password",
        "password_confirmation",
        "credit_card",
        "CSRF_COOKIE",
    ]
)

How it works

Section titled “How it works”

The params_filters configuration applies to:

  • Request parameters (GET/POST data)
  • Session data
  • Cookies
  • CGI environment variables
  • Local variables (when report_local_variables is enabled)

Any field matching a filter key will have its value replaced with "[FILTERED]". Filtering works recursively on nested dictionaries. For example:

# Before filtering
data = {
    "username": "alice",
    "password": "secret123",
    "user_data": {
        "credit_card": "1234-5678-9012-3456"
    }
}


# After filtering
data = {
    "username": "alice",
    "password": "[FILTERED]",
    "user_data": {
        "credit_card": "[FILTERED]"
    }
}