Skip to content

fix: Redact sensitive data from OTEL traces and fix env var parsing #1553

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chandra-siri merged 7 commits into from
Oct 22, 2025
Merged

fix: Redact sensitive data from OTEL traces and fix env var parsing #1553

chandra-siri merged 7 commits into from
Oct 22, 2025

Conversation

@rajeevpodar
Copy link
Collaborator

@rajeevpodar rajeevpodar commented Sep 24, 2025
edited
Loading

fix: Redact sensitive data from OTEL traces and fix env var parsing

Summary

This PR addresses two key improvements:

  1. Redaction of Sensitive Data in OTEL Traces:

    • Ensures that sensitive information (such as authentication tokens, secret values, etc.) is not captured or exposed in OpenTelemetry traces.
    • Applies systematic filtering and redaction to both HTTP request and response data included in trace spans.

  2. Robust Environment Variable Parsing:

    • Fixes and simplifies the logic for parsing environment variables to avoid misconfigurations and potential runtime errors.

Details

  • The implementation closely follows the OpenTelemetry HTTP semantic conventions, ensuring that all HTTP spans generated by the library are compliant.
  • All relevant HTTP attributes in traces are set according to the specification, while omitting or redacting values that are considered sensitive.
  • Includes tests and documentation updates to reflect the improved behavior.

Motivation

  • Security: Preventing leakage of sensitive information via telemetry is essential for compliance and user trust.
  • Standardization: Aligning with OpenTelemetry semantic conventions improves interoperability with observability tools and makes traces easier to understand and analyze.

Related Links

Please let me know if further changes or clarifications are needed.

@product-auto-label product-auto-label bot added size: m Pull request size is medium. api: storage Issues related to the googleapis/python-storage API. labels Sep 24, 2025
@chandra-siri chandra-siri self-assigned this Sep 24, 2025
@rajeevpodar rajeevpodar force-pushed the fix_hide_sensitive_query_keys branch from 7c4be24 to 91f04b2 Compare September 25, 2025 04:36
@rajeevpodar rajeevpodar marked this pull request as ready for review September 25, 2025 04:48
@rajeevpodar rajeevpodar requested review from a team as code owners September 25, 2025 04:48
@chandra-siri chandra-siri added the owlbot:run Add this label to trigger the Owlbot post processor. label Sep 25, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Sep 25, 2025
chandra-siri
chandra-siri requested changes Sep 25, 2025
View reviewed changes
chandra-siri
chandra-siri previously approved these changes Oct 22, 2025
View reviewed changes
@product-auto-label product-auto-label bot added size: l Pull request size is large. and removed size: m Pull request size is medium. labels Oct 22, 2025
@chandra-siri chandra-siri merged commit a38ca19 into main Oct 22, 2025
15 checks passed
@chandra-siri chandra-siri deleted the fix_hide_sensitive_query_keys branch October 22, 2025 12:00
@release-please release-please bot mentioned this pull request Oct 22, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chandra-siri chandra-siri chandra-siri approved these changes

Assignees

@chandra-siri chandra-siri

Labels

api: storage Issues related to the googleapis/python-storage API. size: l Pull request size is large.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rajeevpodar @chandra-siri