Send secret masking telemetry if opted in to it #5189
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nguerrera
commented
Apr 29, 2025
nguerrera
commented
Apr 29, 2025
nguerrera
commented
Apr 29, 2025
merlynomsft
reviewed
Apr 30, 2025
merlynomsft
reviewed
Apr 30, 2025
merlynomsft
reviewed
Apr 30, 2025
merlynomsft
reviewed
Apr 30, 2025
merlynomsft
approved these changes
Apr 30, 2025
nguerrera
commented
Apr 30, 2025
merlynomsft
reviewed
May 13, 2025
merlynomsft
previously approved these changes
May 13, 2025
nguerrera
commented
May 14, 2025
nguerrera
force-pushed
the
users/nguerrera/masking-telemetry-with-opt-in
branch
from
6a4d1b8 to
ea196a1
Compare
This comment was marked as outdated.
This comment was marked as outdated.
nguerrera
force-pushed
the
users/nguerrera/masking-telemetry-with-opt-in
branch
from
ea196a1 to
52b4e2d
Compare
If using the new OSS secret masker and an additional opt-in knob is turned on, then send telemetry about secrets that were masked.
nguerrera
force-pushed
the
users/nguerrera/masking-telemetry-with-opt-in
branch
from
52b4e2d to
524bf17
Compare
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
nguerrera
changed the title
nguerrera
commented
Jun 11, 2025
merlynomsft
approved these changes
Jun 12, 2025
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
tarunramsinghani
approved these changes
Jun 13, 2025
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
merlynomsft
approved these changes
Jun 14, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue: We would like to have telemetry on secret masking.
Description:
If using the new OSS secret masker and an additional opt-in knob is turned on, then send telemetry about secrets that were masked.
An overall 'SecretMasker' event is sent with statistics such as total detections and elapsed time. Additional 'SecretMaskerDetections' events are sent mapping C3ID to pattern monikers. These are batched to keep event sizes capped and the total number of events are also capped.
This also includes an update to the Microsoft.Security.Utilities.Core dependency from v1.18 to v1.19. Release notes: https://github.com/microsoft/security-utilities/blob/release/v1.19.0/docs/ReleaseHistory.md
Risk Assessment (Low/Medium/High): Low. Behind opt-in flag.
Added unit tests (Y/N): Y
Additional Tests Performed: Ran agent locally with AZP_SEND_SECRET_MASKER_TELEMETRY=true set via environment variable and confirmed telemetry was reported.