Description: Although Canary is designed not to hold sensitive data, someone (even an attacker) can attempt to log in to your Canary with legitimate credentials.
Of course, once credentials have been "given away" they should be rolled as a matter of good practice, but what if you have your alerts piped to Slack, Email, pager duty.... Did those real credentials now end up in all those channels?
Data Masking is the answer!
Note: You should definitely still roll those credentials, but this way it feels a little less icky.
Follow the steps below to enable Data Masking :
Log in to your Console.
Click on the Gear Icon and then Global Settings.
Enable Mask Sensitive Data.