feat(python): Update EventScrubber docs with new pii denylist (#11154)

getsentry · Sep 23, 2024 · 9718351 · 9718351
1 parent ef40aaf
commit 9718351
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/docs/platforms/python/configuration/options.mdx b/docs/platforms/python/configuration/options.mdx
@@ -111,7 +111,7 @@ If you enable this option, be sure to manually remove what you don't want to sen
 
 <ConfigKey name="event-scrubber">
 
-If <PlatformIdentifier name="send-default-pii" /> is turned off, scrubs the event payload for sensitive information from a `denylist`. See how to [configure the scrubber here](../../data-management/sensitive-data/#event-scrubber).
+Scrubs the event payload for sensitive information such as cookies, sessions, and passwords from a `denylist`. It can additionally be used to scrub from another `pii_denylist` if <PlatformIdentifier name="send-default-pii" /> is disabled. See how to [configure the scrubber here](../../data-management/sensitive-data/#event-scrubber).
 
 </ConfigKey>
 

diff --git a/platform-includes/configuration/event-scrubber/python.mdx b/platform-includes/configuration/event-scrubber/python.mdx
@@ -1,4 +1,6 @@
-If <PlatformIdentifier name="send-default-pii" /> is set to `False`, the default scrubber implementation will run automatically and filter anything in the [`denylist`](https://github.com/getsentry/sentry-python/blob/1.18.0/sentry_sdk/scrubber.py#L17-L58) from [potentially sensitive interfaces](/platforms/python/data-collected/) in the event payload.
+The default scrubber implementation will run automatically and filter anything in the [`denylist`](https://github.com/getsentry/sentry-python/blob/4b361c5c008aec1a33cf521014edc0297fbf89c1/sentry_sdk/scrubber.py#L15-L56) from [potentially sensitive interfaces](/platforms/python/data-collected/) in the event payload. These are typically security values such as passwords, authentication, sessions, cookies, and CSRF tokens.
+
+Additionally, if <PlatformIdentifier name="send-default-pii" /> is set to `False`, the scrubber will also filter from a separate `pii_denylist` that typically has PII values such as IP addresses.
 
 ```python
 import sentry_sdk
@@ -11,18 +13,19 @@ sentry_sdk.init(
 )
 ```
 
-You can also pass in a custom `denylist` to the `EventScrubber` class and filter additional fields that you want.
+You can also pass in a custom `denylist` or `pii_denylist` to the `EventScrubber` class and filter additional fields that you want. Make sure you extend the current lists if you want to use the default lists as well.
 
 ```python
-from sentry_sdk.scrubber import EventScrubber, DEFAULT_DENYLIST
+from sentry_sdk.scrubber import EventScrubber, DEFAULT_DENYLIST, DEFAULT_PII_DENYLIST
 
 # custom denylist
 denylist = DEFAULT_DENYLIST + ["my_sensitive_var"]
+pii_denylist = DEFAULT_PII_DENYLIST + ["my_private_var"]
 
 sentry_sdk.init(
     # ...
     send_default_pii=False,
-    event_scrubber=EventScrubber(denylist=denylist),
+    event_scrubber=EventScrubber(denylist=denylist, pii_denylist=pii_denylist),
 )
 ```