[AspNetCore Instrumentation] Ability to scrub (redact or encrypt) sensitive information from exception stack-trace #1794

Open
dpk83 opened this issue Oct 27, 2021 · 1 comment
Labels
comp:instrumentation.aspnetcore Things related to OpenTelemetry.Instrumentation.AspNetCore enhancement New feature or request

Comments

dpk83 commented Oct 27, 2021

Feature Request

Make the instrumentation library more flexible to allow scrubbing/redaction or encryption of sensitive information.

Is your feature request related to a problem?
The AspNetCore instrumentation library currently has an option to record exceptions. When this is enabled, the exception type, exception message and exception stack trace are captured. Stack-trace details may contain sensitive information, which can result in privacy issues. When the RecordException option is enabled, the exception is added as an ActivityEvent to the activity, which can't be modified by a custom processor further down the pipeline today.

Describe the solution you'd like:
We would like the ability to scrub sensitive information from the stack trace. Possible solutions could be (not an exhaustive list, just some suggestions):

  1. Add the exception details by means of tag or custom properties or some other mechanism that can be fetched and modified in a custom processor. This way customers can write a custom processor which would inspect the stack trace, perform the desired scrubbing and then update the value with the scrubbed stack trace.
  2. Another alternative is to provide a way for customers to configure an encryptor or redactor to scrub the sensitive information from the stack trace, or scrub the full stack trace, e.g. encrypt the full stack trace so that, when needed, service developers can decrypt it and get the details required for diagnosing issues.
  3. At the minimum (least ideal solution), provide an additional option to record the exception type and message but exclude capturing the stack trace.

Describe alternatives you've considered.
The alternative is to not use the record exception functionality provided in the library and instead write a custom one. This is not an ideal solution because we would essentially just be doing most of the work that's already present in the library but can't be used due to the limitation.

Additional Context

Leaking sensitive information in logs/traces or metrics is a huge concern for our enterprise so the ability to avoid this is super critical.
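The kind of redactor the request above has in mind, as an added example that is not part of the issue and not OpenTelemetry code: it scrubs the attributes of one recorded exception event (redact in place, or drop the stack trace as in option 3). `ExceptionScrubber`, `StackTracePolicy` and the regex rules are hypothetical; the attribute names `exception.type`, `exception.message` and `exception.stacktrace` follow the exception semantic conventions linked in this thread, and how the scrubbed values get back onto the event is exactly what the issue asks the library to provide.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Constructed sample: attributes of one recorded exception event.
var attrs = new Dictionary<string, string>
{
    ["exception.type"] = "System.InvalidOperationException",
    ["exception.message"] = "Cannot open Server=10.0.0.5;Password=hunter2; for alice@example.com",
    ["exception.stacktrace"] =
        "System.InvalidOperationException: Cannot open Server=10.0.0.5;Password=hunter2; for alice@example.com\n" +
        "   at Shop.Db.Open(String cs) in Db.cs:line 42",
};
foreach (var kv in ExceptionScrubber.Scrub(attrs, StackTracePolicy.Redact))
    Console.WriteLine($"{kv.Key} = {kv.Value}");

public enum StackTracePolicy { Redact, Drop }

// Hypothetical helper, not an OpenTelemetry API.
public static class ExceptionScrubber
{
    // Constructed rules; a real deployment supplies its own list.
    private static readonly (Regex Pattern, string Replacement)[] Rules =
    {
        (new Regex(@"[\w.+-]+@[\w-]+(\.[\w-]+)+"), "[email]"),
        (new Regex(@"(?i)\b(password|pwd|token|secret)=[^;\s]+"), "$1=[redacted]"),
        (new Regex(@"\b\d{1,3}(\.\d{1,3}){3}\b"), "[ip]"),
    };

    public static string Redact(string text)
    {
        foreach (var (pattern, replacement) in Rules)
            text = pattern.Replace(text, replacement);
        return text;
    }

    public static Dictionary<string, string> Scrub(
        IReadOnlyDictionary<string, string> attributes, StackTracePolicy policy)
    {
        var result = new Dictionary<string, string>();
        foreach (var kv in attributes)
        {
            // Drop removes the stack trace entirely; exception.type is a class name and is kept as-is.
            if (kv.Key == "exception.stacktrace" && policy == StackTracePolicy.Drop) continue;
            result[kv.Key] = kv.Key == "exception.type" ? kv.Value : Redact(kv.Value);
        }
        return result;
    }
}
```

The stack-trace attribute repeats the exception message on its first line, so the message and the stack trace have to go through the same rules.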

@cijothomas
Member

> Add the exception details by means of tag or custom properties or some other mechanism

Exception is stored as Events, instead of Activity.Tags, as required by the spec: https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/semantic_conventions/exceptions.md#recording-an-exception

Agree the spec is not marked stable, so need to ensure that whatever we do is aligned with semantic conventions.

@vishweshbankwar vishweshbankwar transferred this issue from open-telemetry/opentelemetry-dotnet May 14, 2024
@Kielek Kielek added the comp:instrumentation.aspnetcore Things related to OpenTelemetry.Instrumentation.AspNetCore label May 17, 2024