SensitiveDataFilter

A SpanOutputProcessor that redacts sensitive information from span fields.

Constructor
Direct link to Constructor

new SensitiveDataFilter(options?: SensitiveDataFilterOptions)

SensitiveDataFilterOptions
Direct link to SensitiveDataFilterOptions

interface SensitiveDataFilterOptions {
  /**
   * List of sensitive field names to redact.
   * Matching is case-insensitive and normalizes separators
   * (api-key, api_key, Api Key → apikey).
   * Defaults include: password, token, secret, key, apikey, auth,
   * authorization, bearer, bearertoken, jwt, credential,
   * clientsecret, privatekey, refresh, ssn.
   */
  sensitiveFields?: string[];

  /**
   * The token used for full redaction.
   * Default: "[REDACTED]"
   */
  redactionToken?: string;

  /**
   * Style of redaction to use:
   * - "full": always replace with redactionToken
   * - "partial": show 3 characters from the start and end, redact the middle
   * Default: "full"
   */
  redactionStyle?: RedactionStyle;
}

RedactionStyle
Direct link to RedactionStyle

type RedactionStyle = "full" | "partial";

Methods
Direct link to Methods

process
Direct link to process

process(span: AnySpan): AnySpan

Process a span by filtering sensitive data across its key fields: attributes, metadata, input, output, and errorInfo.

Returns: A new span with sensitive values redacted.

shutdown
Direct link to shutdown

async shutdown(): Promise<void>

No cleanup needed for this processor.

Properties
Direct link to Properties

readonly name = 'sensitive-data-filter';

Default Sensitive Fields
Direct link to Default Sensitive Fields

When no custom fields are provided:

[
  "password",
  "token",
  "secret",
  "key",
  "apikey",
  "auth",
  "authorization",
  "bearer",
  "bearertoken",
  "jwt",
  "credential",
  "clientsecret",
  "privatekey",
  "refresh",
  "ssn",
];

Processing Behavior
Direct link to Processing Behavior

Field Matching
Direct link to Field Matching

Case-insensitive: APIKey, apikey, ApiKey all match
Separator-agnostic: api-key, api_key, apiKey are treated identically
Exact matching: After normalization, fields must match exactly
- token matches token, Token, TOKEN
- token does NOT match promptTokens or tokenCount

Redaction Styles
Direct link to Redaction Styles

Full Redaction (default)
Direct link to Full Redaction (default)

All matched values replaced with redactionToken.

Partial Redaction
Direct link to Partial Redaction

Shows first 3 and last 3 characters
Values ≤ 6 characters are fully redacted
Non-string values are converted to strings before partial redaction

Error Handling
Direct link to Error Handling

If filtering a field fails, the field is replaced with:

{
  error: {
    processor: "sensitive-data-filter";
  }
}

Processed Fields
Direct link to Processed Fields

The filter recursively processes:

span.attributes - Span metadata and properties
span.metadata - Custom metadata
span.input - Input data
span.output - Output data
span.errorInfo - Error information

Handles nested objects, arrays, and circular references safely.

ConstructorDirect link to Constructor

SensitiveDataFilterOptionsDirect link to SensitiveDataFilterOptions

RedactionStyleDirect link to RedactionStyle

MethodsDirect link to Methods

processDirect link to process

shutdownDirect link to shutdown

PropertiesDirect link to Properties

Default Sensitive FieldsDirect link to Default Sensitive Fields

Processing BehaviorDirect link to Processing Behavior

Field MatchingDirect link to Field Matching

Redaction StylesDirect link to Redaction Styles

Full Redaction (default)Direct link to Full Redaction (default)

Partial RedactionDirect link to Partial Redaction

Error HandlingDirect link to Error Handling

Processed FieldsDirect link to Processed Fields