-
Notifications
You must be signed in to change notification settings - Fork 182
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add Secret Filtering component #1593
Conversation
// | ||
// For the first case, we can replace the entire match with the redaction string. | ||
// For the second case, we can replace the first submatch with the redaction string (to avoid redacting something else than the secret such as delimiters). | ||
for _, occ := range r.regex.FindAllStringSubmatch(entry.Line, -1) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Think we can split this block into a separate func, lots of deep nesting going on.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed in d8fa6e5.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some initial (minor) doc suggestions
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some initial (minor) doc suggestions
Thanks a lot! I addressed your suggestions in 500891f 😄 |
Co-authored-by: Clayton Cornell <131809008+clayton-cornell@users.noreply.github.com>
567c920
to
b537c85
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for making the changes, only two small nits left.
Did you try to run a pipeline with this component at scale to see what the performance impact is?
Done, thanks. We've done basic benchmarks and found that the overhead for redaction is less than a ms per log entry on a standard laptop, with all secrets enabled. Right now, our focus is to get it merged so that we can start to use it to redact secrets internally for security purposes. |
PR Description
This PR adds a secret filtering component for Loki into Alloy. It is based on the work we have done in the August 2024 hackathon.
Which issue(s) this PR fixes
Notes to the Reviewer
PR Checklist