Sensitive data formatting

rcastley · rcastley · commit cbde334e0e75 · 2025-02-07T14:14:15.000Z
diff --git a/content/en/ninja-workshops/10-advanced-otel/5-dropping-spans/5-1-configuration.md b/content/en/ninja-workshops/10-advanced-otel/5-dropping-spans/5-1-configuration.md
@@ -8,32 +8,32 @@ weight: 1
 
 Switch to your **Gateway** terminal window. Navigate to the `[WORKSHOP]/5-dropping-spans` directory and open the `gateway.yaml` and add the following configuration to the `processors` section:
 
-- **Add a `filter` processor**: Configure the OpenTelemetry Collector to drop spans with the name `"/_healthz"`:
+**Add a `filter` processor**: Configure the OpenTelemetry Collector to drop spans with the name `"/_healthz"`:
 
-  ```yaml
-    
-    filter/health:                  # Defines a filter processor
-      error_mode: ignore            # Ignore errors
-      traces:                       # Filtering rules for traces
-        span:                       # Exclude spans named "/_healthz"  
-          - 'name == "/_healthz"'
-  ```
+```yaml
+  
+  filter/health:                  # Defines a filter processor
+    error_mode: ignore            # Ignore errors
+    traces:                       # Filtering rules for traces
+      span:                       # Exclude spans named "/_healthz"  
+        - 'name == "/_healthz"'
+```
 
-- **Add the `filter` processor**: Make sure you add the filter to the `traces` pipeline. Filtering should be applied as early as possible, ideally *right after the* memory_limiter and *before* the batch processor.
+**Add the `filter` processor**: Make sure you add the filter to the `traces` pipeline. Filtering should be applied as early as possible, ideally *right after the* memory_limiter and *before* the batch processor:
 
-  ```yaml
-      traces:
-        receivers:                
-          - otlp                    # OTLP Receiver
-        processors:                
-          - memory_limiter          # Manage memory usage
-          - resource/add_mode       # Add metadata about collector mode
-          - filter/health           # Filter Processor. Filter's out Data based on rules
-          - batch                   # Groups Data before send
-        exporters:               
-          - debug                   # Debug Exporter
-          - file/traces             # File Exporter for Trace
-  ```
+```yaml
+    traces:
+      receivers:                
+        - otlp                    # OTLP Receiver
+      processors:                
+        - memory_limiter          # Manage memory usage
+        - resource/add_mode       # Add metadata about collector mode
+        - filter/health           # Filter Processor. Filter's out Data based on rules
+        - batch                   # Groups Data before send
+      exporters:               
+        - debug                   # Debug Exporter
+        - file/traces             # File Exporter for Trace
+```
 
 {{% /notice %}}
 
diff --git a/content/en/ninja-workshops/10-advanced-otel/5-dropping-spans/5-2-test-filter.md b/content/en/ninja-workshops/10-advanced-otel/5-dropping-spans/5-2-test-filter.md
@@ -8,10 +8,11 @@ To test your configuration, you'll need to generate some trace data that include
 
 {{% notice title="Exercise" style="green" icon="running" %}}
 
-- **Create "noisy" 'Healthz' Span**
-  1. Create a new file called `health.json` in the `5-dropping-spans` directory.
-  2. Copy and paste the following JSON into the `health.json` file.
-  3. Note the span name is set to `{"name":"healthz"}` in the json.
+**Create "noisy" 'healthz' span**:
+
+1. Create a new file called `health.json` in the `5-dropping-spans` directory.
+2. Copy and paste the following JSON into the `health.json` file.
+3. Note the span name is set to `{"name":"healthz"}` in the json.
 
 {{% tabs %}}
 {{% tab title="health.json" %}}
@@ -44,35 +45,34 @@ WORKSHOP
 {{% /tabs %}}
 {{% /tab %}}
 
-- **Start the Gateway and the Agent**
-  1. Make sure you are in the `[WORKSHOP]/5-dropping-spans` folder for both the **Gateway** and **Agent** terminal windows and start the collectors.
-  2. **Send** the new `health.json` payload with the **cULR** command below. (**Windows use `curl.exe`**).
+**Start the Gateway and the Agent**:
+
+1. Make sure you are in the `[WORKSHOP]/5-dropping-spans` folder for both the **Gateway** and **Agent** terminal windows and start the collectors.
+2. **Send** the new `health.json` payload with the **cULR** command below. (**Windows use `curl.exe`**).
   
-  ```sh
-  curl -X POST -i http://localhost:4318/v1/traces -H "Content-Type: application/json" -d "@health.json"
-  ```
-
-- **Verify Agent Debug output shows the `healthz` span**
-  1. Confirm that the span `span` payload is sent, Check the agent’s debug output to see the span data like the snippet below:
-
-  ```text
-  <snip>
-  Span #0
-      Trace ID       : 5b8efff798038103d269b633813fc60c
-      Parent ID      : eee19b7ec3c1b173
-      ID             : eee19b7ec3c1b174
-      Name           : /_healthz
-      Kind           : Server
-  <snip>
-  ```
-
-  The **Agent** has forward the span to the **Gateway**.
+```sh
+curl -X POST -i http://localhost:4318/v1/traces -H "Content-Type: application/json" -d "@health.json"
+```
+
+**Verify Agent Debug output shows the `healthz` span**: Confirm that the span `span` payload is sent, Check the agent’s debug output to see the span data like the snippet below:
+
+```text
+<snip>
+Span #0
+    Trace ID       : 5b8efff798038103d269b633813fc60c
+    Parent ID      : eee19b7ec3c1b173
+    ID             : eee19b7ec3c1b174
+    Name           : /_healthz
+    Kind           : Server
+<snip>
+```
+
+The **Agent** has forward the span to the **Gateway**.
   
-- **Check the Gateway Debug output**
-  1. The Gateway should **NOT** show any span data received.  
-  This is because the **Gateway** is configured with a filter to drop spans named `"/_healthz"`, so the span will be discarded/dropped and not processed further.
-  2. Confirm normal span are processed by using the cURL command with the `trace.json` file again.  
-  This time, you should see both the agent and gateway process the spans successfully.
+**Check the Gateway Debug output**:
+
+1. The Gateway should **NOT** show any span data received. This is because the **Gateway** is configured with a filter to drop spans named `"/_healthz"`, so the span will be discarded/dropped and not processed further.
+2. Confirm normal span are processed by using the cURL command with the `trace.json` file again. This time, you should see both the agent and gateway process the spans successfully.
 {{% /notice %}}
 
 {{% notice title="Tip" style="primary" icon="lightbulb" %}}
@@ -83,7 +83,7 @@ When using the `Filter` processor make sure you understand the look of your inco
 ---
 The following excises can be done in your own time after the workshop.
 
-### (Optional) Modify the Filter Condition
+**(Optional) Modify the Filter Condition**:
 
 If you’d like, you can customize the filter condition to drop spans based on different criteria. This step is optional and can be explored later. For example, you might configure the filter to drop spans that include a specific tag or attribute.
 
@@ -99,7 +99,7 @@ filter:
 
 This filter would drop spans where the `service.name` attribute is set to `frontend`.
 
-### (Optional) Filter Multiple Spans
+**(Optional) Filter Multiple Spans**:
 
 You can filter out multiple span names by extending the span list:
 
diff --git a/content/en/ninja-workshops/10-advanced-otel/6-sensitive-data/6-1-configuration.md b/content/en/ninja-workshops/10-advanced-otel/6-sensitive-data/6-1-configuration.md
@@ -25,48 +25,48 @@ Attributes:
 
 Switch to your **Agent** terminal window. Navigate to the `[WORKSHOP]/6-sensitive-data` directory and open the `agent.yaml` file in your editor.
 
-* **Add an `attributes` Processor**: This processor allows you to update, delete, or hash specific attributes (tags) within spans. We'll update `user.phone_number`, hash `user.email`, and remove `user.account_password`:
+**Add an `attributes` Processor**: This processor allows you to update, delete, or hash specific attributes (tags) within spans. We'll update `user.phone_number`, hash `user.email`, and remove `user.account_password`:
 
-  ```yaml
-  attributes/update:               # Processor Type/Name
-    actions:                       # List of actions
-      - key: user.phone_number     # Target key
-        action: update             # Replace value with:
-        value: "UNKNOWN NUMBER"
-      - key: user.email            # Hash the email value
-        action: hash               
-      - key: user.account_password # Remove the password
-        action: delete             
-  ```
+```yaml
+attributes/update:               # Processor Type/Name
+  actions:                       # List of actions
+    - key: user.phone_number     # Target key
+      action: update             # Replace value with:
+      value: "UNKNOWN NUMBER"
+    - key: user.email            # Hash the email value
+      action: hash               
+    - key: user.account_password # Remove the password
+      action: delete             
+```
 
-* **Add a `redaction` Processor**: This processor will detect and redact sensitive values based on predefined patterns. We'll block credit card numbers using regular expressions.
+**Add a `redaction` Processor**: This processor will detect and redact sensitive values based on predefined patterns. We'll block credit card numbers using regular expressions.
 
-  ```yaml
-  redaction/redact:               # Processor Type/Name
-    allow_all_keys: true          # If false, only allowed keys will be retained
-    blocked_values:               # List of regex patterns to hash
-      - '\b4[0-9]{3}[\s-]?[0-9]{4}[\s-]?[0-9]{4}[\s-]?[0-9]{4}\b'  # Visa card
-      - '\b5[1-5][0-9]{2}[\s-]?[0-9]{4}[\s-]?[0-9]{4}[\s-]?[0-9]{4}\b'  # MasterCard
-    summary: debug  # Show debug details about redaction
-  ```
+```yaml
+redaction/redact:               # Processor Type/Name
+  allow_all_keys: true          # If false, only allowed keys will be retained
+  blocked_values:               # List of regex patterns to hash
+    - '\b4[0-9]{3}[\s-]?[0-9]{4}[\s-]?[0-9]{4}[\s-]?[0-9]{4}\b'  # Visa card
+    - '\b5[1-5][0-9]{2}[\s-]?[0-9]{4}[\s-]?[0-9]{4}[\s-]?[0-9]{4}\b'  # MasterCard
+  summary: debug  # Show debug details about redaction
+```
 
-* **Update the `traces` Pipeline**: Integrate both processors into the `traces` pipeline to ensure the redactions and modifications take effect:
+**Update the `traces` Pipeline**: Integrate both processors into the `traces` pipeline to ensure the redactions and modifications take effect:
 
-  ```yaml
-  traces:
-    receivers:              # Data input sources
-      - otlp
-    processors:             # Processing steps in the pipeline
-      - memory_limiter      # Manage memory usage
-      - attributes/update   # Update, hash, and remove attributes
-      - redaction/redact    # Redact sensitive fields using regex
-      - resourcedetection   # Add system attributes
-      - resource/add_mode   # Add metadata about collector mode
-      - batch
-    exporters:              # Output destinations
-      - debug
-      - otlphttp
-  ```
+```yaml
+traces:
+  receivers:              # Data input sources
+    - otlp
+  processors:             # Processing steps in the pipeline
+    - memory_limiter      # Manage memory usage
+    - attributes/update   # Update, hash, and remove attributes
+    - redaction/redact    # Redact sensitive fields using regex
+    - resourcedetection   # Add system attributes
+    - resource/add_mode   # Add metadata about collector mode
+    - batch
+  exporters:              # Output destinations
+    - debug
+    - otlphttp
+```
 
 {{% /notice %}}
 
diff --git a/content/en/ninja-workshops/10-advanced-otel/6-sensitive-data/6-2-test-delete-tag.md b/content/en/ninja-workshops/10-advanced-otel/6-sensitive-data/6-2-test-delete-tag.md
@@ -4,18 +4,34 @@ linkTitle: 6.2 Test Attribute Processor
 weight: 2
 ---
 
-### Test the Attribute Processor tag updates
+In this exercise, we will **delete** the `user.account_password`, **update** the `user.phone_number` **attribute** and **hash** the `user.email` in the span data before it is exported by the **Agent**.
 
-Start your gateway agent from the `[WORKSHOP]/6-sensitive-data` directory in the **Gateway** terminal window, and wait until it is ready to receive data.
+{{% notice title="Exercise" style="green" icon="running" %}}
 
-In this exercise, we will **delete** the `user.account_password`, **update** the `user.phone_number` **attribute** & **hash** the `user.email` in the span data before it is exported by the **Agent**.
+**Start the Gateway**: In the **Gateway** terminal change into the `6-sensitive-data` directory:
 
-{{% notice title="Exercise" style="green" icon="running" %}}
+```sh
+../otelcol --config=gateway.yaml
+```
+
+**Update `agent.yaml`**:
+
+1. In the **Agent** terminal change into the `6-sensitive-data` directory and edit the `agent.yaml`.
+2. Disable the `redaction/redact` processor in the `traces` pipeline by adding the comment character `#` in front.
+
+**Start the Agent**: Remaining in the **Agent** terminal window:
+
+```sh
+../otel --config=agent.yaml
+```
+
+**Send a span**:
+
+1. In the **Test** terminal window change into the `6-sensitive-data` directory.
+2. Send the span containing **sensitive data** by running the `curl` command to send `trace.json`.
+
+**Check the debug output**: For both the **Agent** and **Gateway** debug output, confirm that `user.account_password` has been removed, and both `user.phone_number` & `user.email` have been updated.
 
-- **Disable the `redaction/redact` processor** in the `traces` pipeline by adding the comment character `#` in front of it and save the `agent.yaml`.
-- **Start the **Agent** Collector** from the `[WORKSHOP]/6-sensitive-data` directory in the **Agent** terminal window.
-- **Send a span containing `Sensitive data`** by running the **cURL** command from the `[WORKSHOP]/6-sensitive-data` directory in the **Test** terminal window to send `trace.json`.
-- **Check the debug output** of both the **Agent** and **Gateway** to confirm that `user.account_password` has been removed, and both `user.phone_number` & `user.email` have been updated.
 {{% tabs %}}
 {{% tab title="New Debug Output" %}}
 
@@ -44,7 +60,7 @@ In this exercise, we will **delete** the `user.account_password`, **update** the
 {{% /tab %}}
 {{% /tabs %}}
 
-- **Check** the new `gateway-traces.out` file to confirm that `user.account_password` has been removed, and `user.phone_number` & `user.email` have been updated.
+**Check file output**: In the new `gateway-traces.out` file confirm that `user.account_password` has been removed, and `user.phone_number` & `user.email` have been updated:
 
 {{% tabs %}}
 {{% tab title="New File Output" %}}
diff --git a/content/en/ninja-workshops/10-advanced-otel/6-sensitive-data/6-3-test-redaction.md b/content/en/ninja-workshops/10-advanced-otel/6-sensitive-data/6-3-test-redaction.md
@@ -30,10 +30,17 @@ Delete the `*.out` files and clear the screen. Restart your **Gateway** terminal
 In this exercise, we will **redact** the `user.visa` & `user.mastercard` **values** in the span data before it is exported by the **Agent**.
 {{% notice title="Exercise" style="green" icon="running" %}}
 
-- **Enable the `redaction/redact` processor** in the `traces` pipeline by removing the `#` in front of it and then restart the **Agent**.
-- **Start the **Agent** Collector** from the `[WORKSHOP]/6-sensitive-data` directory in the **Agent** terminal window.
-- **Send a span containing `Sensitive data`** by running the **cURL** command to send `trace.json`.
-- **Check the debug output** of both the **Agent** and **Gateway** to confirm the values for `user.visa` & `user.mastercard` have been updated. Notice `user.amex` attribute value was NOT redacted because a matching regex pattern was not added to `blocked_values`
+**Enable the `redaction/redact` processor**: In the **Agent** terminal window edit `agent.yaml` and remove the `#` we inserted in the previous exercise.
+
+**Start the Agent**: In the **Agent** terminal window run:
+
+```sh
+../otelcol --config=agent.yaml
+```
+
+**Send a span**: Run the `curl` command and in the **Test** terminal window to send `trace.json`.
+
+**Check the debug output**: For both the **Agent** and **Gateway** confirm the values for `user.visa` & `user.mastercard` have been updated. Notice `user.amex` attribute value was NOT redacted because a matching regex pattern was not added to `blocked_values`
 
 {{% tabs %}}
 {{% tab title="New Debug Output" %}}
@@ -69,7 +76,7 @@ In this exercise, we will **redact** the `user.visa` & `user.mastercard` **value
 By including `summary:debug` in the redaction processor, the debug output will include summary information about which matching keys values were redacted, along with the count of values that were masked.
 {{% /notice %}}
 
-- **Check** the new `gateway-traces.out` file to verify confirm that `user.visa` & `user.mastercard` have been updated.
+**Check file output**: In the newly created `gateway-traces.out` file to verify confirm that `user.visa` & `user.mastercard` have been updated.
 
 {{% tabs %}}
 {{% tab title="New File Output" %}}
@@ -170,7 +177,7 @@ By including `summary:debug` in the redaction processor, the debug output will i
 
 {{% /notice %}}
 
-### (Optional) Redact Amex CC number
+**(Optional) Redact Amex CC number**:
 
 Add the Amex card regex to `blocked_values` and restart **Agent** collector.
 
