Sentry Data Scrubbing

[ghost]

There is a user/forgot-password API endpoint in my code. Why does sentry filter out user/forgot-password endpoint from event-breadcrumbs, event-info, etc...?

It even filtered out the API response which contains the word "token" or "password". It even filtered out the word "author". Can anyone tell me what's happening here?

[smeubank]

Any chance you can see a log on your side the request to sentry? This way we could check if the data is scrubbed in SDK or if it during ingesting on Sentry server side

[AbhiPrasad]

We by default filter out potential sources of PII (for example, things that include password) on the server. For more information, please see: https://docs.sentry.io/product/data-management-settings/scrubbing/server-side-scrubbing/

If you cannot - or do not want to - scrub data within the SDK, Sentry provides a number of options to achieve this in the product itself. You'll find these settings under the Data Scrubber option within both your Organization and individual Project settings. By default this is enabled, and we highly recommend you keep it that way.

If you turn off the server side data scrubbing functionality, you'll have to make sure to add controls to your SDK to scrub PII appropriately.