From 72a599d12d1525d835ea03c96101e4f1a5a45d7d Mon Sep 17 00:00:00 2001 From: Andrey Slotin Date: Wed, 12 Aug 2020 14:58:05 +0200 Subject: [PATCH] Document secrets filtering in README --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README.md b/README.md index abaa6dc46..bd9e928eb 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,7 @@ The Instana Go sensor consists of two parts: * [Common Operations](#common-operations) * [Setting the sensor log output](#setting-the-sensor-log-output) * [Trace Context Propagation](#trace-context-propagation) + * [Secrets Filtering](#secrets-filtering) * [HTTP servers and clients](#http-servers-and-clients) * [Instrumenting HTTP request handling](#instrumenting-http-request-handling) * [Instrumenting HTTP request execution](#instrumenting-http-request-execution) 
@@ -177,8 +178,17 @@ func MyFunc(ctx context.Context) { } ``` +### Secrets Filtering + +Certain instrumentations provided by the Go sensor package, e.g. the [HTTP servers and clients](#http-servers-and-clients) wrappers, collect data that may contain sensitive information, such as passwords, keys and secrets. To avoid leaking these values the Go sensor replaces them with `` before sending to the agent. The list of parameter name matchers is defined in `com.instana.secrets` section of the [Host Agent Configuration file](https://www.instana.com/docs/setup_and_manage/host_agent/configuration/#secrets) and will be sent to the in-app tracer during the announcement phase (requires agent Go trace plugin `com.instana.sensor-golang-trace` v1.3.0 and above). + +The default setting for the secrets matcher is `contains-ignore-case` with following list of terms: `key`, `password`, `secret`. This would redact the value of a parameter which name _contains_ any of these strings ignoring the case. + ### HTTP servers and clients +The Go sensor module provides instrumentation for clients and servers that use `net/http` package. Once activated (see below) this +instrumentation automatically collects information about incoming and outgoing requests and sends it to the Instana agent. See the [instana.HTTPSpanTags][instana.HTTPSpanTags] documentation to learn which call details are collected. + #### Instrumenting HTTP request handling With support to wrap a `http.HandlerFunc`, Instana quickly adds the possibility to trace requests and collect child spans, executed in the context of the request span. 
@@ -351,3 +361,4 @@ For more examples please consult the [godoc][godoc]. [pkg.go.dev]: https://pkg.go.dev/github.com/instana/go-sensor [instana.TracingHandlerFunc]: https://pkg.go.dev/github.com/instana/go-sensor/?tab=doc#TracingHandlerFunc [instana.RoundTripper]: https://pkg.go.dev/github.com/instana/go-sensor/?tab=doc#RoundTripper +[instana.HTTPSpanTags]: https://pkg.go.dev/github.com/instana/go-sensor/?tab=doc#HTTPSpanTags
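Review bot: In the `### Secrets Filtering` paragraph (hunk `@@ -177,8 +178,17 @@`), the placeholder in "replaces them with `` before sending to the agent" is an empty code span, so a reader cannot tell what a redacted value looks like in a collected span. Spell out the literal replacement string, escaping it if it contains characters that Markdown would swallow. The same paragraph says the matcher list is sent during the announcement phase and requires `com.instana.sensor-golang-trace` v1.3.0 and above, but it does not say what the sensor does when the agent plugin is older. Please state whether the `contains-ignore-case` default of `key`, `password`, `secret` still applies in that case or whether nothing is filtered, since that decides whether secrets can reach the agent. It would also help to say which collected fields count as a "parameter" for the HTTP wrappers, and to change "with following list" and "a parameter which name" to "with the following list" and "a parameter whose name".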