Description: Although Canary is designed not to hold sensitive data, someone (even an attacker) can attempt to log in to your Canary with legitimate credentials.
Of course, once credentials have been "given away" they should be rolled as a matter of good practice, but what if you have your alerts piped to Slack, email, PagerDuty...? Did those real credentials now end up in all those channels?
Data Masking is the answer!
Data Masking: Enabled
Data Masking: Disabled
Note: You should definitely still roll those credentials, but this way it feels a little less icky.
As of our most recent update you now have the option of configuring masking of sensitive data in two locations:
Option 1: Masking of Sensitive Data on the Canary - sensitive data will never reach your Console, it gets discarded by the Canary when capturing the alert. This requires the Canary in question to be running version 3.x.4 or higher, or 3.3.5 for AWS Canaries.
Option 2: Masking of Sensitive Data in the Console - sensitive data will be relayed to the Console by the Canary, but the Console will not include that sensitive data in an alert notification via email or SMS. This is supported for all Canary versions.
Option 1: Masking of Sensitive Data on the Canary
Step 1:
Log in to your Console.
Step 2:
Click on the Canary, and then hit the Gear icon on the bottom right of the summary screen.
Step 3:
On the Canary's configuration screen, click the toggle to enable Masking of Sensitive Data in Alerts.
That's it, you're done!
Option 2: Masking of Sensitive Data in the Console
Step 1:
Log in to your Console.
Step 2:
1 - Click on the Gear icon.
2 - Click on Global Settings.
Step 3:
Enable Mask Sensitive Data.
You're done!