In some cases, you may want to redact sensitive data from the Komodor platform. You can do so by applying the values shown below.
Values:
events.redact
- Redact values from specific fields in resourceslogs.redact
- Redact values from logslogs.NamespaceDenylist
- Do not collect logs from specific namespaceslogs.NamespaceAllowlist
- Only collect logs from specific namespaceslogs.NameDenylist
- Do not collect logs from specific workloads
For example, to redact the password
field from all resources, apply the following YAML configuration:
events:
redact:
- "PG_.*"
- ".*PASSWORD.*"
To avoid collecting logs from the kube-system
namespace, apply the following YAML configuration:
logs:
namespaceDenylist: ["kube-system"]
To allow only collecting logs from the default
and dev
namespaces, apply the following YAML configuration:
logs:
namespaceAllowlist: ["default", "dev"]
To mask passwords in logs, apply the following YAML configuration:
logs:
redact:
- "password=(.+?)\b"
- "(?U)\"sessionId\": (\".+\"{1})"
example logs redactions:
INPUT: example my password=supersecret and something else
OUTPUT: example my <REDACTED> and something else
INPUT: { "level": "INFO", "message": "User has added Item 12453 to Basket", "sessionId": "SESS456", "timestamp": 1634477804 }
OUTPUT: { "level": "INFO", "message": "User has added Item 12453 to Basket", <REDAC
Comments
0 comments
Please sign in to leave a comment.