The Bearer Agent is designed with your data privacy in mind. By default, each agent, regardless of your platform, blocks common authentication credentials and secrets that may exist in headers, query parameters, and the request/response body.

By default, the Bearer Agents match against the following patterns:

Values for keys that match the following regular expressions:

  • ^authorization$
  • ^password$
  • ^secret$
  • ^passwd$
  • ^api.?key$
  • ^access.?token$
  • ^auth.?token$
  • ^credentials$
  • ^mysql_pwd$
  • ^stripetoken$
  • ^card.?number.?$
  • ^secret$
  • ^client.?id$
  • ^client.?secret

Any values matching the following regular expressions (case insensitive):

  • [a-zA-Z0-9]{1}[a-zA-Z0-9.!#$%&’*+=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\\.[a-zA-Z0-9-]+)*
  • (?:\\d[ -]*?){13,16}

To learn more about configuring agents with further sanitization options, view the documentation for your platform's agent:

Did this answer your question?