By default, Cloudera Manager redacts known sensitive information from inclusion in
diagnostic bundles. Cloudera Manager uses a set of standard rules to redact passwords and
secrets. You can add additional redaction rules using regular expressions to specify data you
want to be redacted from the bundles.
-
To specify redaction rules for diagnostic bundles, go to and search for the Redaction
Parameters for Diagnostic Bundles parameter.
The edit
screen for the property displays.
- To add a new rule, click the
icon. You can add one of the
following:
- Credit Card numbers (with
separator)
- Social Security Card numbers (with
separator)
- Email addresses
- Custom rule (You must
supply values for the Search
and Replace fields, and
optionally, the Trigger
field.)
- To modify a new rule, click the
icon. - Edit the redaction rules as needed. Each rule has a description field where you can
enter free text describing the rule and you can modify the following three fields:
- Search - Regular expression to compare against the data. For example, the
regular expression \d{4}[^\w]\d{4}[^\w]\d{4}[^\w]\d{4}
searches for a credit card number pattern. Segments of data that match the regular
expression are redacted using the Replace string.
- Replace - String used to redact (obfuscate) data, such as a pattern of Xs to
replace digits of a credit card number:
XXXX-XXXX-XXXX-XXXX.
- Trigger - Optional simple string to be searched before applying the regular
expression. If the string is found, the redactor searches for matches using the Search
regular expression. Using the Trigger field improves performance: simple string
matching is faster than regular expression matching.
- To delete a redaction rule, click the
icon. - Click Save Changes.
