--- title: Filtering sensitive data description: Filter sensitive data from Ruby error reports to protect user privacy and comply with security requirements. url: https://docs.honeybadger.io/lib/ruby/errors/filtering-sensitive-data/ --- You have complete control over the data that Honeybadger reports when an error occurs. You can [filter specific attributes](https://docs.honeybadger.io/lib/ruby/errors/filtering-sensitive-data/#filtering-specific-attributes) or [disable the reporting](https://docs.honeybadger.io/lib/ruby/errors/filtering-sensitive-data/#disable-data-completely) of entire sections of data. ## Filtering specific attributes By default, we filter the `password` and `password_confirmation`, as well as any params specified in Rails’ [`filter_parameters`](https://guides.rubyonrails.org/action_controller_overview.html#parameters-filtering). You can configure the gem to filter additional data from the params, session, environment and cookies hashes. To do so, use the `request.filter_keys` setting. When you add an attribute name to `request.filter_keys`, that attribute will be removed from any exceptions before they are reported to us. Here’s an example honeybadger.yml: ```yaml request: filter_keys: - password - password_confirmation - credit_card_number ``` The configuration above will filter out `params[:credit_card_number]`, `session[:credit_card_number]`, `cookies[:credit_card_number]`, and `Rails.env["credit_card_number"]`, as well as the password and password\_confirmation attributes. Regular expressions (regex) are also allowed. The configuration below will filter out any keys that are named anything matching `/credit_card/i`. ```yaml request: filter_keys: - !ruby/regexp "/credit_card/i" ``` ## Disable data completely You can turn off reporting of params, session and environment data entirely. Here are the configuration options to do it: ```yaml request: disable_session: true # Don't report session data disable_params: true # Don't report request params disable_environment: true # Don't report anything from Rack ENV disable_url: true # Don't report the request URL ``` --- ## Try Honeybadger for FREE Intelligent logging, error tracking, and Just Enough APM™ in one dev-friendly platform. Find and fix problems before users notice. [Start free trial](https://app.honeybadger.io/users/sign_up) [See plans and pricing](https://www.honeybadger.io/plans/)