- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Datadog Dynamic Instrumentation enhances the observability and debugging capabilities of your applications by capturing variable data at arbitrary code locations in production environments. It also can craft and evaluate expressions in real-time, and integrate their outputs into log messages or add them as span tags.
While this functionality is powerful, it also presents the possibility of sensitive data leaks, both intentional and unintentional. Alongside the product’s robust data capture capabilities, it also provides comprehensive measures to safeguard sensitive information.
By understanding and properly configuring these redaction mechanisms, you can use Dynamic Instrumentation with confidence and security.
Dynamic Instrumentation automatically redacts values linked to specific identifiers deemed sensitive, such as password
and accessToken
. See the full list of redacted identifiers.
You can further tailor redaction by specifying additional identifiers. In your application’s environment (not on datadog-agent
), set the DD_DYNAMIC_INSTRUMENTATION_REDACTED_IDENTIFIERS
environment variable to a comma-separated list of identifiers such as firstName,lastName,phoneNumber
.
Redaction applies universally, regardless of how the identifier is used in the code (as method arguments, local variables, class attributes, dictionary keys, and so on). The associated values are redacted in your infrastructure and not uploaded to Datadog.
Certain classes may inherently contain sensitive information (for example, a UserCredentials
class). Again in your application’s environment (not on datadog-agent
), set the DD_DYNAMIC_INSTRUMENTATION_REDACTED_TYPES
environment variable to a comma-separated list of sensitive types, such as MyCompany.Authentication.UserCredential,MyCompany.BillingAddress
.
Class-based redaction:
Sensitive Data Scanner identifies and redacts sensitive information based on specific regular expressions.
When you first access Dynamic Instrumentation Setup, you can optionally set up default Sensitive Data Scanner rules for Dynamic Instrumentation. These cover common regular expressions for likely sensitive data such as email addresses or JWT tokens.
You can disable the default rules or create other rules through the Sensitive Data Scanner. To create a new Sensitive Data Scanner rule for Dynamic Instrumentation, set it to filter on source:dd_debugger
.
Note: Datadog Sensitive Data Scanner performs its redaction after the information is uploaded to Datadog.