Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: Security & privacy project settings #248

Open
jianyuan opened this issue Dec 17, 2022 · 1 comment
Open

Feature Request: Security & privacy project settings #248

jianyuan opened this issue Dec 17, 2022 · 1 comment

Comments

@jianyuan
Copy link
Owner

jianyuan commented Dec 17, 2022
edited
Loading

Reference: https://docs.sentry.io/product/data-management-settings/scrubbing/

Enhancement 1: New properties in the sentry_project resource

resource "sentry_project" "my_project" {
  # Possible values:
  # omit = inherit organization settings
  # 0    = disabled
  # -1   = unlimited
  # 1, 5, 10, 20, 50, 100 per issue
  store_crash_reports = 0

  data_scrubber          = true
  data_scrubber_defaults = true

  scrub_ip_addresses = true

  sensitive_fields = ["email"]

  safe_fields = ["business-email"]
}

Enhancement 2: Advanced data scrubbing

CleanShot 2022-12-17 at 00 30 45

The advanced data scrubbing settings are represented as a JSON-encoded string in their API:

# GET https://sentry.io/api/0/projects/<organization>/<project>/

{
  # ...
  "relayPiiConfig": "{\"rules\":{\"0\":{\"type\":\"creditcard\",\"redaction\":{\"method\":\"hash\"}},\"1\":{\"type\":\"creditcard\",\"redaction\":{\"method\":\"remove\"}},\"2\":{\"type\":\"anything\",\"redaction\":{\"method\":\"hash\"}},\"3\":{\"type\":\"imei\",\"redaction\":{\"method\":\"remove\"}}},\"applications\":{\"**\":[\"0\"],\"password\":[\"1\",\"2\"],\"$http.headers.x-custom-token\":[\"3\"]}}",
}

The schema is defined in their relay project which is written in Rust. Significant effort is needed to port the schema and validation rules to Go. Therefore, my proposal is to build the rules via Sentry's UI and copy the resulting JSON into the sentry_project resource configuration. It's a less ideal Terraform experience, but it is much simpler to implement.

resource "sentry_project" "my_project" {
  relay_pii_config = <<EOT
{
    "rules": {
        "0": {
            "type": "creditcard",
            "redaction": {
                "method": "hash"
            }
        },
        "1": {
            "type": "creditcard",
            "redaction": {
                "method": "remove"
            }
        },
        "2": {
            "type": "anything",
            "redaction": {
                "method": "hash"
            }
        },
        "3": {
            "type": "imei",
            "redaction": {
                "method": "remove"
            }
        }
    },
    "applications": {
        "**": [
            "0"
        ],
        "password": [
            "1",
            "2"
        ],
        "$http.headers.x-custom-token": [
            "3"
        ]
    }
}
EOT
}
@D13410N3
Copy link

Hello! Yes, adding these options will be cool

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jianyuan @D13410N3