Data Collected

See what data is collected by the Sentry SDK.

Sentry takes data privacy very seriously and has default settings in place that prioritize data safety, especially when it comes to personally identifiable information (PII) data. When you add the Sentry SDK to your application, you allow it to collect data and send it to Sentry during the runtime of your application.

The category types and amount of data collected vary, depending on the integrations you've enabled in the Sentry SDK. Here's a list of data categories the Sentry Elixir SDK collects:

When using the Plug or Phoenix integrations, HTTP headers from requests are included in error reports with built-in filtering for security:

Default Behavior:

  • Most request headers are included by default
  • Sensitive headers are automatically scrubbed, including:
    • authorization
    • authentication
    • cookie

Configuration:

Copied
# Custom header filtering
config :sentry,
  header_scrubber: &MyApp.CustomHeaderScrubber.scrub/1

Default Behavior:

  • All cookies are scrubbed by default for privacy protection
  • No cookie data is sent to Sentry unless explicitly configured

Configuration:

Copied
# Enable cookie collection with custom scrubbing
config :sentry,
  cookie_scrubber: &MyApp.CustomCookieScrubber.scrub/1

Default Behavior:

  • Client IP addresses are collected from HTTP requests
  • Prioritizes x-forwarded-for header, falls back to conn.remote_ip

Configuration:

Copied
# Custom IP address extraction
config :sentry,
  remote_address_reader: {MyModule, :get_ip_address}

Default Behavior:

  • Full request URLs are always sent, including query strings
  • URLs may contain PII depending on your application's routing structure

Configuration:

Copied
# Custom URL scrubbing
config :sentry,
  url_scrubber: &MyApp.UrlScrubber.scrub/1

Default Behavior:

  • Request body parameters are included with automatic scrubbing
  • Sensitive parameters are filtered by default:
    • password
    • passwd
    • secret
    • Credit card numbers (detected via regex pattern)

Configuration:

Copied
# Custom body parameter filtering
config :sentry,
  body_scrubber: &MyApp.BodyScrubber.scrub/1

Default Behavior:

  • Source code context is disabled by default
  • Must be explicitly enabled and packaged

Configuration:

Copied
# Enable source code context
config :sentry,
  enable_source_code_context: true,
  root_source_code_paths: [File.cwd!()],
  context_lines: 3  # Lines before/after error

Default Behavior:

  • Local variables are not included in stack traces
  • Stack traces contain function names, function variables, modules, file paths, and line numbers only

Note: Unlike some other SDKs, the Elixir SDK does not currently support capturing local variables due to the nature of the Erlang VM.

When using the Logger integration, additional data is collected:

Log Metadata:

  • Configurable via the :metadata option
  • Can include specific keys or all available metadata

Process Context:

  • Process ID (PID)
  • GenServer state and last message (for crashed GenServers)
  • Process crash reasons

Configuration:

Copied
config :logger, :sentry,
  metadata: [:request_id, :user_id] # Specific keys
# or
config :logger, :sentry,
  metadata: :all # All available metadata

Default Behavior:

  • List of loaded applications and their versions are sent
  • Helps with debugging version-specific issues

Configuration:

Copied
# Disable dependency reporting
config :sentry,
  report_deps: false

When using the Oban integration for background jobs:

Job Information:

  • Job arguments, attempt count, queue name
  • Worker class name
  • Job metadata and tags
  • Max attempts and current state

To learn more about customizing PII data collection, see the following API docs:

Previous
Data Management
Next
Scrubbing Sensitive Data
Was this helpful?
Help improve this content
Our documentation is open source and available on GitHub. Your contributions are welcome, whether fixing a typo (drat!) or suggesting an update ("yeah, this would be better").