Good observability is not an excuse to collect everything. Treat every capture surface as a contract: send the fields that help you debug, redact the fields that can harm users or your own systems, and keep the rest out entirely.
Baseline Rules
- Keep DSN signing secrets and machine tokens server-only.
- Do not embed secrets in exception messages, tags, or custom context.
- Only capture request bodies when they are genuinely useful for debugging.
- Prefer stable IDs and redacted summaries over raw user-provided payloads.
JavaScript / Express Redaction
```javascript
app.use(
  expressErrorHandler({
    includeRequestBody: true,               // capture bodies only when they aid debugging
    maxBodyLength: 4096,                    // cap what is captured; larger bodies are truncated
    redactHeaderKeys: ["authorization", "cookie"],
    redactBodyKeys: ["password", "token", "secret"],
  })
)
```
Python before_send Redaction
```python
from errova_sdk import init

# Context keys whose values must never leave the process. Matching is
# case-insensitive so "Password" and "PASSWORD" are caught as well.
SENSITIVE_CONTEXT_KEYS = {"password", "token", "authorization", "ssn"}


def redact(event):
    """before_send hook: scrub sensitive context keys and the user email."""
    context = event.get("context")
    if isinstance(context, dict):
        # Iterate over a copy of the keys because the dict is modified in place.
        for key in list(context.keys()):
            if str(key).lower() in SENSITIVE_CONTEXT_KEYS:
                context[key] = "[REDACTED]"
    user = event.get("user")
    if isinstance(user, dict) and "email" in user:
        user["email"] = "[REDACTED]"
    return event


init(
    dsn="https://ingest.example.com/ingest/<public_key>/events",
    before_send=redact,
)
```
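The hook above only looks at top-level context keys, so a secret nested one level down (for example `context["db"]["password"]`) or a bearer token pasted into an exception message would still be sent. The following is an added example, not code from the page or from the errova_sdk project, of a `before_send` hook that redacts sensitive keys at any depth, scrubs secret-shaped strings from free text, and leaves the original event untouched. The key set, the regular expressions and the sample event are constructed for illustration; the block does not call `init()` so that it runs without the SDK installed, and you would wire it up with `before_send=redact_event` exactly as in the snippet above.

```python
import re

# Keys whose values are replaced wherever they occur in the event (constructed list).
SENSITIVE_KEYS = {"password", "token", "secret", "authorization", "cookie", "ssn"}
REDACTED = "[REDACTED]"

# Secret-shaped values inside free text: bearer tokens and key=value credentials.
# These patterns are an assumption for the example; tune them to your own formats.
BEARER_RE = re.compile(r"(?i)\bBearer\s+[A-Za-z0-9\-._~+/]+=*")
KV_SECRET_RE = re.compile(r"(?i)\b(password|token|secret|api[_-]?key)\s*[=:]\s*\S+")


def scrub_text(text):
    """Mask secret-looking substrings in a string (idempotent)."""
    text = BEARER_RE.sub("Bearer " + REDACTED, text)
    text = KV_SECRET_RE.sub(lambda m: f"{m.group(1)}={REDACTED}", text)
    return text


def redact_value(value, key=None):
    """Rebuild a value recursively: sensitive keys are redacted at any depth,
    strings are scrubbed, everything else is returned as-is."""
    if key is not None and str(key).lower() in SENSITIVE_KEYS:
        return REDACTED
    if isinstance(value, dict):
        return {k: redact_value(v, k) for k, v in value.items()}
    if isinstance(value, list):
        return [redact_value(v) for v in value]
    if isinstance(value, str):
        return scrub_text(value)
    return value


def redact_event(event):
    """before_send hook: return a redacted copy of the event, never the original."""
    event = dict(event)  # shallow copy; nested sections are rebuilt below
    for section in ("context", "request", "tags"):
        if section in event:
            event[section] = redact_value(event[section])
    message = event.get("message")
    if isinstance(message, str):
        event["message"] = scrub_text(message)
    user = event.get("user")
    if isinstance(user, dict):
        user = dict(user)
        user.pop("email", None)  # drop rather than send unless policy allows it
        event["user"] = user
    return event


# Constructed sample event with secrets in places the simple hook would miss.
SAMPLE_EVENT = {
    "message": "Upstream call failed: Authorization: Bearer eyJabc.def.ghi",
    "context": {"db": {"Password": "hunter2", "host": "db1"}, "retries": 3},
    "request": {
        "headers": {"Cookie": "sid=abc", "Accept": "*/*"},
        "body": {"username": "bob", "password": "pw"},
    },
    "user": {"id": "42", "email": "a@example.com"},
}

if __name__ == "__main__":
    import json
    print(json.dumps(redact_event(SAMPLE_EVENT), indent=2))
```

Returning a rebuilt copy instead of mutating in place matters when the same event object is also logged locally or passed to other hooks: the redaction then cannot be undone by a later consumer holding the original reference.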
Browser Keys and Origins
- Use browser-public keys only from browser code; never ship a server key to a client.
- Restrict them to an exact list of allowed origins.
- Validate origin behavior in report_only mode before switching to enforcement, so a missing or mistyped origin does not silently drop events.
Data-Model Guidance
- Keep tags low-cardinality and predictable.
- Hash or redact identifiers when policy does not allow the raw value.
- Store email in user context only when policy allows it and it is operationally useful.
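The baseline rule "prefer stable IDs and redacted summaries" and the data-model guidance above ask for three things in code: a pseudonymous identifier that still correlates events, a tag allowlist that keeps cardinality bounded, and an email field that is only populated when policy says so. The following is an added example, not code from the page or from the errova_sdk project, that implements those three pieces in plain Python. The pepper value, the allowed tag keys and the length cap are assumptions for illustration; in practice the pepper comes from a server-side secret store, and the hash stays server-only.

```python
import hashlib
import hmac

# Tag keys allowed to reach the backend (constructed allowlist). Anything else is
# dropped so that callers cannot turn tags into a free-form, high-cardinality field.
ALLOWED_TAG_KEYS = {"env", "release", "service", "http_status"}
MAX_TAG_VALUE_LEN = 64

# Server-side pepper for keyed hashing. Example value only; load it from a secret
# store and never expose it to browser code.
PEPPER = b"example-pepper-do-not-use"


def pseudonymize(identifier, pepper=PEPPER, length=16):
    """Keyed hash of an identifier (HMAC-SHA256, truncated to `length` hex chars).

    Equal inputs map to equal outputs, so events from one user still correlate,
    but the raw identifier never leaves the server and cannot be recovered from
    the tag without the pepper.
    """
    mac = hmac.new(pepper, str(identifier).encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:length]


def normalize_tags(tags):
    """Keep only allowlisted keys, stringify values and cap their length.

    Returns (clean_tags, dropped_keys) so the caller can log what was rejected.
    """
    clean = {}
    dropped = []
    for key, value in tags.items():
        k = str(key).lower()
        if k not in ALLOWED_TAG_KEYS:
            dropped.append(k)
            continue
        clean[k] = str(value)[:MAX_TAG_VALUE_LEN]
    return clean, dropped


def build_user_context(user, allow_email=False):
    """User context with a pseudonymous id; email only when policy allows it."""
    ctx = {"id": pseudonymize(user["id"])}
    if allow_email and user.get("email"):
        ctx["email"] = user["email"]
    return ctx


if __name__ == "__main__":
    # Constructed inputs: one raw user record and one over-eager tag set.
    print(build_user_context({"id": 42, "email": "a@example.com"}))
    print(normalize_tags({"env": "prod", "user_email": "a@example.com", "query": "x" * 200}))
```

Truncating the HMAC to 16 hex characters (64 bits) keeps tags short while leaving accidental collisions negligible at realistic user counts; if the id has to be globally unique across very large populations, keep the full digest.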