Server Side PII Data Scrubbing

Description

There is an impetus behind a Server Side PII data-scrubbing feature from the results of threat assessments and paid audits, carried out by company internal security teams as well as by external, professional auditors.

Because of the potentially wide-ranging functionality of such a feature, the initial scope of the feature should be kept as simple as possible, while leaving things open to expand functionality and scope as new requirements are raised subsequently.

Please see the following issues, which also pertain to data scrubbing:

Proposed Solution(s)

The solution is described below in the form of a user story.

User Story

As a GlitchTip user with the "Manager" role

I want some control over GlitchTip's storage of incoming PII

So that I am assured that a minimal amount of PII data-scrubbing occurs

Acceptance Criteria

  1. I can see that by default, none of my projects have scrubbing enabled.
  2. I can selectively enable scrubbing on a per-project basis.
  3. When scrubbing is enabled, I can see that the following PII are automatically scrubbed from all incoming telemetry:
     • IP Addresses
     • Email addresses
     • Credit Card numbers
  4. When scrubbing is enabled, I can manually configure a comma separated list of additional fields to be scrubbed.
  5. I can see that when data is scrubbed, it is replaced with [scrubbed] or **** or possibly a user-configurable replacement string.

Technical Notes

With regard to points 3 and 4 above, I note that Sentry v8.13.0 (c.2015) had these features, albeit implemented as separate UI controls. Perhaps Python logic from this version of Sentry is able to be leveraged, given that at the time, it was available under what appears to be a FOSS license.

Edited by Russ Michell
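
One way the acceptance criteria above could behave on an incoming event, as an added example that is not GlitchTip or Sentry code. The names scrub_event, scrub_text, enabled and extra_fields, the regular expressions, and the sample event are assumptions made for illustration; IP and card candidates are validated (ipaddress parsing, Luhn checksum) so that timestamps and order numbers are left alone.

```python
import ipaddress
import re

REPLACEMENT = "[scrubbed]"  # criterion 5; assumed default, could be configurable

# Patterns only find candidates; IPs and card numbers are validated before replacing.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IP_RE = re.compile(r"(?<![\w.:])(?:\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f]*:[0-9A-Fa-f:]+)(?![\w:])")
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False  # e.g. a timestamp such as 12:30:45

def _luhn_ok(token):
    digits = [int(c) for c in token if c.isdigit()]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[-2::-2])
    return (sum(digits[-1::-2]) + doubled) % 10 == 0

def scrub_text(text):
    text = EMAIL_RE.sub(REPLACEMENT, text)
    text = IP_RE.sub(lambda m: REPLACEMENT if _is_ip(m.group()) else m.group(), text)
    return CARD_RE.sub(lambda m: REPLACEMENT if _luhn_ok(m.group()) else m.group(), text)

def scrub_event(event, enabled=False, extra_fields=""):
    """Return a scrubbed copy of a JSON-like event; off by default (criterion 1)."""
    if not enabled:
        return event
    names = {f.strip().lower() for f in extra_fields.split(",") if f.strip()}

    def walk(value):
        if isinstance(value, dict):
            return {k: REPLACEMENT if str(k).lower() in names else walk(v)
                    for k, v in value.items()}
        if isinstance(value, list):
            return [walk(v) for v in value]
        return scrub_text(value) if isinstance(value, str) else value

    return walk(event)

# Constructed sample event; field names and values are illustrative only.
SAMPLE = {
    "message": "Login failed for jane@example.com from 203.0.113.7 at 12:30:45",
    "extra": {"card": "4111 1111 1111 1111", "order_id": "1234567890123456",
              "session_token": "abc123", "peer": "2001:db8::1"},
}
```

Calling scrub_event(SAMPLE, enabled=True, extra_fields="session_token, api_key") replaces the email address, both IP addresses, the card number and the session_token value, while the timestamp and the 16-digit order_id (which fails the Luhn check) pass through unchanged.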