|
| 1 | +--- |
| 2 | +title: Data Collected |
| 3 | +description: "See what data is collected by the Sentry SDK." |
| 4 | +sidebar_order: 1 |
| 5 | +--- |
| 6 | + |
| 7 | +Sentry prioritizes your privacy and data protection. By default, the Elixir SDK is configured to minimize the collection of personally identifiable information (PII) while still providing comprehensive error monitoring capabilities. The data collected varies based on which SDK integrations you have enabled and how you've configured the SDK. |
| 8 | + |
| 9 | +## HTTP Headers |
| 10 | + |
| 11 | +When using the Plug or Phoenix integrations, HTTP headers from requests are included in error reports with built-in filtering for security: |
| 12 | + |
| 13 | +**Default Behavior:** |
| 14 | + |
| 15 | +- Most request headers are included by default |
| 16 | +- Sensitive headers are automatically scrubbed, including: |
| 17 | + - `authorization` |
| 18 | + - `authentication` |
| 19 | + - `cookie` |
| 20 | + |
| 21 | +**Configuration:** |
| 22 | + |
| 23 | +```elixir |
| 24 | +# Custom header filtering |
| 25 | +config :sentry, |
| 26 | + header_scrubber: &MyApp.CustomHeaderScrubber.scrub/1 |
| 27 | +``` |
| 28 | + |
| 29 | +## Cookies |
| 30 | + |
| 31 | +**Default Behavior:** |
| 32 | +- **All cookies are scrubbed by default** for privacy protection |
| 33 | +- No cookie data is sent to Sentry unless explicitly configured |
| 34 | + |
| 35 | +**Configuration:** |
| 36 | + |
| 37 | +```elixir |
| 38 | +# Enable cookie collection with custom scrubbing |
| 39 | +config :sentry, |
| 40 | + cookie_scrubber: &MyApp.CustomCookieScrubber.scrub/1 |
| 41 | +``` |
| 42 | + |
| 43 | +## Users' IP Address |
| 44 | + |
| 45 | +**Default Behavior:** |
| 46 | +- Client IP addresses are collected from HTTP requests |
| 47 | +- Prioritizes `x-forwarded-for` header, falls back to `conn.remote_ip` |
| 48 | + |
| 49 | +**Configuration:** |
| 50 | + |
| 51 | +```elixir |
| 52 | +# Custom IP address extraction |
| 53 | +config :sentry, |
| 54 | + remote_address_reader: {MyModule, :get_ip_address} |
| 55 | +``` |
| 56 | + |
| 57 | +## Request URL |
| 58 | + |
| 59 | +**Default Behavior:** |
| 60 | +- Full request URLs are always sent, including query strings |
| 61 | +- URLs may contain PII depending on your application's routing structure |
| 62 | + |
| 63 | +**Configuration:** |
| 64 | + |
| 65 | +```elixir |
| 66 | +# Custom URL scrubbing |
| 67 | +config :sentry, |
| 68 | + url_scrubber: &MyApp.UrlScrubber.scrub/1 |
| 69 | +``` |
| 70 | + |
| 71 | +## Request Body |
| 72 | + |
| 73 | +**Default Behavior:** |
| 74 | +- Request body parameters are included with automatic scrubbing |
| 75 | +- Sensitive parameters are filtered by default: |
| 76 | + - `password` |
| 77 | + - `passwd` |
| 78 | + - `secret` |
| 79 | + - Credit card numbers (detected via regex pattern) |
| 80 | + |
| 81 | +**Configuration:** |
| 82 | +```elixir |
| 83 | +# Custom body parameter filtering |
| 84 | +config :sentry, |
| 85 | + body_scrubber: &MyApp.BodyScrubber.scrub/1 |
| 86 | +``` |
| 87 | + |
| 88 | +## Source Context |
| 89 | + |
| 90 | +**Default Behavior:** |
| 91 | + |
| 92 | +- Source code context is **disabled by default** |
| 93 | +- Must be explicitly enabled and packaged |
| 94 | + |
| 95 | +**Configuration:** |
| 96 | + |
| 97 | +```elixir |
| 98 | +# Enable source code context |
| 99 | +config :sentry, |
| 100 | + enable_source_code_context: true, |
| 101 | + root_source_code_paths: [File.cwd!()], |
| 102 | + context_lines: 3 # Lines before/after error |
| 103 | +``` |
| 104 | + |
| 105 | +## Local Variables In Stack Trace |
| 106 | + |
| 107 | +**Default Behavior:** |
| 108 | +- Local variables are not included in stack traces |
| 109 | +- Stack traces contain function names, function variables, modules, file paths, and line numbers only |
| 110 | + |
| 111 | +**Note:** Unlike some other SDKs, the Elixir SDK does not currently support capturing local variables due to the nature of the Erlang VM. |
| 112 | + |
| 113 | +## Logger Data |
| 114 | + |
| 115 | +When using the Logger integration, additional data is collected: |
| 116 | + |
| 117 | +**Log Metadata:** |
| 118 | + |
| 119 | +- Configurable via the `:metadata` option |
| 120 | +- Can include specific keys or all available metadata |
| 121 | + |
| 122 | +**Process Context:** |
| 123 | + |
| 124 | +- Process ID (PID) |
| 125 | +- GenServer state and last message (for crashed GenServers) |
| 126 | +- Process crash reasons |
| 127 | + |
| 128 | +**Configuration:** |
| 129 | + |
| 130 | +```elixir |
| 131 | +config :logger, :sentry, |
| 132 | + metadata: [:request_id, :user_id] # Specific keys |
| 133 | +# or |
| 134 | +config :logger, :sentry, |
| 135 | + metadata: :all # All available metadata |
| 136 | +``` |
| 137 | + |
| 138 | +<Alert> |
| 139 | +There's always risk that PII will leak into Sentry via Logger integration. It is recommended to review your log metadata and scrub any sensitive information before logging. |
| 140 | +</Alert> |
| 141 | + |
| 142 | +## Application Dependencies |
| 143 | + |
| 144 | +**Default Behavior:** |
| 145 | + |
| 146 | +- List of loaded applications and their versions are sent |
| 147 | +- Helps with debugging version-specific issues |
| 148 | + |
| 149 | +**Configuration:** |
| 150 | + |
| 151 | +```elixir |
| 152 | +# Disable dependency reporting |
| 153 | +config :sentry, |
| 154 | + report_deps: false |
| 155 | +``` |
| 156 | + |
| 157 | +## Oban Job Data |
| 158 | + |
| 159 | +When using the Oban integration for background jobs: |
| 160 | + |
| 161 | +**Job Information:** |
| 162 | +- Job arguments, attempt count, queue name |
| 163 | +- Worker class name |
| 164 | +- Job metadata and tags |
| 165 | +- Max attempts and current state |
0 commit comments