PII Scrubbing and Data Collection in Hud
Hud minimizes PII risk by separating metrics from forensics and scrubbing sensitive data inside your pods before anything is sent out.
Overview
Hud collects two types of data:
- Metrics (PII-free by design) - aggregated function-level and endpoint-level performance and reliability signals.
  A metric contains:
  - Endpoint / queue / function name
  - Source file
  - Hash
  - Duration
  - Error rate
  - Invocation counts over time
  Metrics do not contain PII.
- Forensics (event-based, scrubbed) - detailed, event-based payloads captured only when Hud detects an issue that needs deeper investigation. Forensics can include request context and other debugging details (depending on your configuration), and are always scrubbed before transmission.
Hud sends forensics by default in two cases:
- Errors (for example, when an endpoint returns an error)
- Duration forensics when an endpoint spikes significantly in duration (performance outlier)
Configurable forensics collection
Forensics are configurable so you can choose the right balance between data minimization and debugging value. Each forensics detail can be turned on/off independently.
Default forensics configuration
By default, the following are enabled (and scrubbed):
- Endpoint parameter collection
- Exception message
- Outbound metadata (for specific supported frameworks)
- Exception stack trace
By default, the following are disabled:
- Function parameter collection
If you want to change what forensics include (for example, run with leaner forensics or enable additional details for faster detect-to-fix), contact Hud and we will apply the configuration you want.
Where scrubbing happens
Hud scrubs sensitive data at the edge, inside your workload.
This means:
- Unscrubbed data never leaves the pod.
- Scrubbing is applied before any forensics payload is transmitted.
When a value is redacted, it will appear as [REDACTED].
Default scrubbing rules
Hud applies two layers of scrubbing:
- Key-based redaction (blacklist of sensitive parameter names)
- Pattern-based redaction (regex-based censorship)
1) Key-based redaction (blacklistParams)
If any key in a captured payload matches one of the following names, its value will be redacted:
[
"password",
"passwd",
"pwd",
"secret",
"token",
"apiKey",
"accessKey",
"auth",
"authorization",
"credentials",
"jwt",
"sessionId",
"sessionToken",
"clientSecret",
"oauth",
"oauthToken",
"ssoToken",
"api_secret",
"api_secret_key",
"ssn",
"sin",
"passport",
"passportNumber",
"driverLicense",
"dlNumber",
"user_id",
"userid",
"email",
"emailAddress",
"phone",
"phoneNumber",
"address",
"homeAddress",
"dob",
"birthDate",
"dateOfBirth",
"creditCard",
"credit_card",
"ccn",
"cardNumber",
"cvv",
"cvc",
"iban",
"bic",
"swift",
"bankAccount",
"bank_account",
"fingerprint",
"faceId",
"voicePrint",
"medicalRecord",
"healthId",
"authToken",
"auth_code",
"authCode",
"pin",
"userPin",
"user_secret",
"cookies"
]

2) Pattern-based redaction (censorshipRegexes)
Hud also scans captured text fields for common sensitive patterns and replaces them.
[
{
"regex": "\\b[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9-.]+\\b",
"replacement": "[REDACTED-EMAIL]"
},
{
"regex": "[\\b+][+]?[(]?[0-9]{3}[)]?[-\\s.]?[0-9]{3}[-\\s.]?[0-9]{4,6}\\b",
"replacement": "[REDACTED-PHONE-NUMBER]"
},
{
"regex": "\\b(?:\\d{1,3}\\.){3}\\d{1,3}\\b",
"replacement": "[REDACTED-IP]"
},
{
"regex": "\\b[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\b",
"replacement": "[REDACTED-JWT]"
},
{
"regex": "\\b(?!1\\d{12}(?!\\d))((4\\d{3})|(5[0-5]\\d{2})|(6\\d{3})|(1\\d{3})|(3\\d{3}))[- ]?(\\d{3,4})[- ]?(\\d{3,4})[- ]?(\\d{3,5})\\b",
"replacement": "[REDACTED-CREDIT-CARD]"
}
]

Extending scrubbing rules or changing configuration
If you need to:
- Add additional redaction keys
- Add custom regex patterns
- Adjust what forensics collect (leaner or more detailed)
- Disable/enable specific forensics components
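As an added example (not Hud's own code), the following Python applies the two documented scrubbing layers to a constructed forensics payload: an exact-match subset of blacklistParams first, then the five censorshipRegexes in the listed order. Walking nested dicts and lists, and case-sensitive exact key matching, are assumptions of this example.

```python
import re

REDACTED = "[REDACTED]"

# Layer 1: a subset of the documented blacklistParams. Keys must match exactly,
# so a key named "cookie" does not match the documented "cookies".
BLACKLIST_PARAMS = {"password", "token", "authorization", "email", "ssn", "cardNumber"}

# Layer 2: the documented censorshipRegexes, applied in the listed order. Order matters:
# the IP rule must run before the JWT rule, which matches any three dotted word groups.
# Python's re accepts the patterns unchanged; "[\b+]" is a class of backspace or "+",
# so the phone rule only fires on a number written with a leading "+".
CENSORSHIP_REGEXES = [
    (r"\b[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+\b", "[REDACTED-EMAIL]"),
    (r"[\b+][+]?[(]?[0-9]{3}[)]?[-\s.]?[0-9]{3}[-\s.]?[0-9]{4,6}\b", "[REDACTED-PHONE-NUMBER]"),
    (r"\b(?:\d{1,3}\.){3}\d{1,3}\b", "[REDACTED-IP]"),
    (r"\b[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\b", "[REDACTED-JWT]"),
    (r"\b(?!1\d{12}(?!\d))((4\d{3})|(5[0-5]\d{2})|(6\d{3})|(1\d{3})|(3\d{3}))"
     r"[- ]?(\d{3,4})[- ]?(\d{3,4})[- ]?(\d{3,5})\b", "[REDACTED-CREDIT-CARD]"),
]
COMPILED = [(re.compile(p), r) for p, r in CENSORSHIP_REGEXES]

def censor_text(text):
    """Pattern-based redaction of one string value."""
    for pattern, replacement in COMPILED:
        text = pattern.sub(replacement, text)
    return text

def scrub(value):
    """Key-based redaction first, then pattern-based redaction of every remaining
    string. Walking nested dicts and lists is an assumption of this example."""
    if isinstance(value, dict):
        return {k: REDACTED if k in BLACKLIST_PARAMS else scrub(v) for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v) for v in value]
    if isinstance(value, str):
        return censor_text(value)
    return value  # numbers, booleans and None pass through untouched

# Constructed forensics payload for a failed login (not real Hud output).
SAMPLE_FORENSICS = {
    "endpoint": "POST /api/login",
    "params": {"email": "alice@example.com", "password": "hunter2",
               "contact": "alice@example.com", "remember": True},
    "headers": {"authorization": "Bearer eyJhbGci.eyJzdWIi.sig", "user-agent": "curl/8.0",
                "cookie": "session=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ.sflKxwRJ"},
    "exception": {"message": "login failed for alice@example.com from 10.0.0.5; "
                             "card 4111 1111 1111 1111; call +15551234567"},
}
```

The `contact` and `cookie` values are not caught by key name but still fall to the regex layer, which also redacts any dotted token such as the version string `1.2.3` as a JWT.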