Secret masking in Logs

Overview

Lumigo provides advanced log masking capabilities to enhance data privacy and security. Log masking allows you to define rules that hide sensitive data in logs before they are processed and stored.

Client-Side Masking

Client-side masking enables you to mask sensitive data on the client side before it is sent to Lumigo. Lumigo's client-side masking adheres to the strictest privacy requirements.

Configure Client-Side Masking

To configure client-side masking, set the following environment variables:

  • LUMIGO_LOG_MASKING_REGEX_VALUE: This variable accepts an array of regular expressions designed to scrub specific values within your logs.

To specify keys you want scrubbed you can either provide a Regex, which is useful mostly for unstructured logs, or the exact JSON path:

  • LUMIGO_LOG_MASKING_REGEX_KEY: This variable accepts an array of regular expressions that match JSON keys in your logs. The values of the matching keys will be scrubbed.
  • LUMIGO_LOG_MASKING_EXACT_PATH: This variable accepts an array of exact paths to scrub.

Log masking via the Lumigo platform

Lumigo also provides a centralized solution for log masking, enabling users to define masking rules globally. These rules are then propagated across all components, including Lambda functions, containers, and Kubernetes.

Configure the Log Masking Rule

Contact our support team for setting a log masking rule.