PII and Data Scrubbing

This document describes a configuration format that we would like to hide from the user eventually. The only reason this page still exists is, because currently Relay accepts this format in alternative to regular data scrubbing settings.

The following document explores the syntax and semantics of the configuration for Advanced Data Scrubbing consumed and executed by Relay. Sometimes, this is also referred to as PII scrubbing.

Say you have an exception message which, unfortunately, contains IP addresses which are not supposed to be there. You'd write:

Copied
{
  "applications": {
    "$string": ["@ip:replace"]
  }
}

It reads as "replace all IP addresses in all strings", or "apply @ip:replace to all $string fields".

@ip:replace is called a rule, and $string is a selector.

The following rules exist by default:

  • @ip:replace and @ip:hash for replacing IP addresses.
  • @imei:replace and @imei:hash for replacing IMEIs
  • @mac:replace, @mac:mask and @mac:hash for matching MAC addresses
  • @email:mask, @email:replace and @email:hash for matching email addresses
  • @creditcard:mask, @creditcard:replace and @creditcard:hash for matching creditcard numbers
  • @userpath:replace and @userpath:hash for matching local paths (e.g. C:/Users/foo/)
  • @password:remove for removing passwords. In this case we're pattern matching against the field's key, whether it contains password, credentials or similar strings.
  • @anything:remove, @anything:replace and @anything:hash for removing, replacing or hashing any value. It is essentially equivalent to a wildcard-regex, but it will also match much more than strings.

Rules generally consist of two parts:

Each page comes with examples. Try those examples out by pasting them into the "PII config" column of Piinguin and clicking on fields to get suggestions.

The easiest way to go about this is if you already have a raw JSON payload from some SDK. Go to our PII config editor Piinguin, and:

  1. Paste in a raw event
  2. Click on data you want eliminated
  3. Paste in other payloads and see if they look fine, go to step 2 if necessary.

After iterating on the config, paste it back into the project config located at .relay/projects/<PROJECT_ID>.json

For example:

Copied
{
  "publicKeys": [
    {
      "publicKey": "examplePublicKey",
      "isEnabled": true
    }
  ],
  "config": {
    "allowedDomains": ["*"],
    "piiConfig": {
      "rules": {
        "device_id": {
          "type": "pattern",
          "pattern": "d/[a-f0-9]{12}",
          "redaction": {
            "method": "hash"
          }
        }
      },
      "applications": {
        "freeform": ["device_id"]
      }
    }
  }
}
Help improve this content
Our documentation is open source and available on GitHub. Your contributions are welcome, whether fixing a typo (drat!) or suggesting an update ("yeah, this would be better").