Redaction of Sensitive Information from Diagnostic Bundles

By default, Cloudera Manager redacts known sensitive information from inclusion in diagnostic bundles. Cloudera Manager uses a set of standard rules to redact passwords and secrets. You can add additional redaction rules using regular expressions to specify data you want to be redacted from the bundles.

  1. To specify redaction rules for diagnostic bundles, go to Administration > Settings and search for the Redaction Parameters for Diagnostic Bundles parameter.
    The edit screen for the property displays.
  2. To add a new rule, click the icon. You can add one of the following:
    • Credit Card numbers (with separator)
    • Social Security Card numbers (with separator)
    • Email addresses
    • Custom rule (You must supply values for the Search and Replace fields, and optionally, the Trigger field.)
  3. To modify a new rule, click the icon.
  4. Edit the redaction rules as needed. Each rule has a description field where you can enter free text describing the rule and you can modify the following three fields:
    • Search - Regular expression to compare against the data. For example, the regular expression \d{4}[^\w]\d{4}[^\w]\d{4}[^\w]\d{4} searches for a credit card number pattern. Segments of data that match the regular expression are redacted using the Replace string.
    • Replace - String used to redact (obfuscate) data, such as a pattern of Xs to replace digits of a credit card number: XXXX-XXXX-XXXX-XXXX.
    • Trigger - Optional simple string to be searched before applying the regular expression. If the string is found, the redactor searches for matches using the Search regular expression. Using the Trigger field improves performance: simple string matching is faster than regular expression matching.
  5. To delete a redaction rule, click the icon.
  6. Click Save Changes.