Logo of AppSignal

Menu
Docs navigation

Parameter filtering

In most apps, at least some of the data that is sent to the application is sensitive or personally identifiable information that should not leave the network. To prevent AppSignal from storing this data the Ruby gem should be configured to not send this data at all or filter out specific values.

We support two ways of filtering parameters from being sent to AppSignal. Either with the built-in AppSignal parameter filtering or, when using Phoenix, using the Phoenix parameter filtering.

Warning: Do not send personal data to AppSignal. If your parameters or session data contain personal data, please use filtering to avoid sending this data to AppSignal.

Table of Contents

AppSignal parameter filtering

If you're not using Phoenix, or want to filter parameters without changing the Phoenix.Logger's configuration, you can set up filtered parameters in the AppSignal configuration file.

1
2
3
# config/appsignal.exs
config :appsignal, :config,
  filter_parameters: ["password", "secret"]

Processor parameter filtering

When some sensitive parameters are still sent by your app to AppSignal, we will filter these out during processing. This means the data was sent to our servers, where we received and temporarily stored this "pre-processing data". We always use SSL to encrypt data moving between your apps and our servers.

AppSignal filters out the password and password_confirmation keys from the parameters during processing. These keys are not customizable. These filtered values are replaced with [REMOVED] (rather than [FILTERED]) to indicate these values were filtered in our processors rather than in your app. Only after this processing, your data is viewable on AppSignal.com. Before that, none of the potentially sent sensitive data is visible to any member of your organization on AppSignal.com. The pre-processing data is removed shortly after processing.

Phoenix filter_parameters configuration

You can use Phoenix's parameter filtering, which is used to keep sensitive information from the logs. AppSignal will also follow these filtering rules.

1
2
3
# config/config.exs
config :phoenix,
  :filter_parameters, ["password", "secret"]

If :filter_parameters is not set, Phoenix will default to ["password"]. This means that a Phoenix app will not send any passwords to AppSignal without any configuration.

We'd like to set cookies, read why.