Act now or forever hide your values.
The OpenTelemetry Semantic Conventions tell people what to name various common attributes, and what values to put in them. This keeps instrumentation consistent between services. It saves a lot of bikeshedding.
One of the standard fields is url.full, holding the full URL of a network request or page load. This includes the query parameters.
https://otel.jessitron.honeydemo.io/api/cart?sessionId=1c8e0458-9e99-48da-adb2-2042495edaa3¤cyCode=USDSometimes query parameters contain sensitive information, and we don’t want that transmitted by default.
https://s3.amazonaws.com/examplebucket/test.txt
?X-Amz-Algorithm=AWS4-HMAC-SHA256
&X-Amz-Credential=<your-access-key-id>/20130721/us-east-1/s3/aws4_request
&X-Amz-Date=20130721T201207Z
&X-Amz-Expires=86400
&X-Amz-SignedHeaders=host
&X-Amz-Signature=<signature-value> There’s a proposal that the query parameter values should all be replaced by REDACTED.
https://otel.jessitron.honeydemo.io/api/cart?sessionId=REDACTED¤cyCode=REDACTEDThis is a breaking change, because people are used to seeing their query parameter values. They find customer or session ID there, very useful. Sometimes the query parameters are critical to what page people are on.
There’s another proposal that only known-sensitive query parameters should be redacted.
https://s3.amazonaws.com/examplebucket/test.txt
?X-Amz-Algorithm=AWS4-HMAC-SHA256
&X-Amz-Credential=REDACTED
&X-Amz-Date=20130721T201207Z
&X-Amz-Expires=86400
&X-Amz-SignedHeaders=host
&X-Amz-Signature=REDACTEDThis is a breaking change too, but it is a minimal one. Everybody wants those query parameters redacted.
Right now is a great time to upvote the one you like, and thumbs-down the other! Specific redaction or obfuscating-useful-information redaction. I bet you can guess which is my favorite š
