Skip to main content
Mastra v1 is coming in January 2026. Get ahead by starting new projects with the beta or upgrade your existing project today.

SensitiveDataFilter

An AISpanProcessor that redacts sensitive information from span fields.

ConstructorDirect link to Constructor

new SensitiveDataFilter(options?: SensitiveDataFilterOptions)

SensitiveDataFilterOptionsDirect link to SensitiveDataFilterOptions

interface SensitiveDataFilterOptions {
  /**
   * List of sensitive field names to redact.
   * Matching is case-insensitive and normalizes separators
   * (api-key, api_key, Api Key → apikey).
   * Defaults include: password, token, secret, key, apikey, auth,
   * authorization, bearer, bearertoken, jwt, credential,
   * clientsecret, privatekey, refresh, ssn.
   */
  sensitiveFields?: string[];

  /**
   * The token used for full redaction.
   * Default: "[REDACTED]"
   */
  redactionToken?: string;

  /**
   * Style of redaction to use:
   * - "full": always replace with redactionToken
   * - "partial": show 3 characters from the start and end, redact the middle
   * Default: "full"
   */
  redactionStyle?: RedactionStyle;
}

RedactionStyleDirect link to RedactionStyle

type RedactionStyle = "full" | "partial";

MethodsDirect link to Methods

processDirect link to process

process(span: AnyAISpan): AnyAISpan

Process a span by filtering sensitive data across its key fields: attributes, metadata, input, output, and errorInfo.

Returns: A new span with sensitive values redacted.

shutdownDirect link to shutdown

async shutdown(): Promise<void>

No cleanup needed for this processor.

PropertiesDirect link to Properties

readonly name = 'sensitive-data-filter';

Default Sensitive FieldsDirect link to Default Sensitive Fields

When no custom fields are provided:

[
  "password",
  "token",
  "secret",
  "key",
  "apikey",
  "auth",
  "authorization",
  "bearer",
  "bearertoken",
  "jwt",
  "credential",
  "clientsecret",
  "privatekey",
  "refresh",
  "ssn",
];

Processing BehaviorDirect link to Processing Behavior

Field MatchingDirect link to Field Matching

  • Case-insensitive: APIKey, apikey, ApiKey all match
  • Separator-agnostic: api-key, api_key, apiKey are treated identically
  • Exact matching: After normalization, fields must match exactly
    • token matches token, Token, TOKEN
    • token does NOT match promptTokens or tokenCount

Redaction StylesDirect link to Redaction Styles

Full Redaction (default)Direct link to Full Redaction (default)

All matched values replaced with redactionToken.

Partial RedactionDirect link to Partial Redaction

  • Shows first 3 and last 3 characters
  • Values ≤ 6 characters are fully redacted
  • Non-string values are converted to strings before partial redaction

Error HandlingDirect link to Error Handling

If filtering a field fails, the field is replaced with:

{
  error: {
    processor: "sensitive-data-filter";
  }
}

Processed FieldsDirect link to Processed Fields

The filter recursively processes:

  • span.attributes - Span metadata and properties
  • span.metadata - Custom metadata
  • span.input - Input data
  • span.output - Output data
  • span.errorInfo - Error information

Handles nested objects, arrays, and circular references safely.