Setting up Sentry
Summary
sentry_sdk is very flexible in the way it lets you set up Sentry.
Setting up Sentry with Fillmore’s helper
Fillmore has a helper for setting up Sentry that aims for “least surprising”. This sets the following:
Sets
release
andhost_id
.Sets
send_default_pii=False
to reduce sensitive information leakage.Sets
auto_enabling_integrations=False
so Sentry doesn’t try to import things and then load the integration if they import. This does mean you need to make sure all the integrations you want loaded are specified inintegrations
argument.Adds the scrubber logger to the ignore logger list so that when Sentry is handling an event and the scrubber is scrubbing and logs an exception, that doesn’t cause Sentry to handle another event which could recurse indefinitely and be bad.
You can use it like this:
from fillmore.libsentry import set_up_sentry
from fillmore.scrubber import Scrubber, Rule
dsn = "some dsn"
release = "some identifier for this release of this app"
host_id = "some identifier of this host"
# Explicitly load integrations you approve
approved_integrations = [
...
]
# Set up a scrubber to scrub sensitive data from the Sentry event
scrubber = Scrubber(
rules=[
Rule( ... ),
Rule( ... ),
]
)
set_up_sentry(
sentry_dsn=dsn,
release=release,
host_id=host_id,
integrations=approved_integrations,
before_send=scrubber,
)
Setting up Sentry for applications with sensitive data
For applications with sensitive information, we’re doing something like this:
from fillmore.libsentry import set_up_sentry
from fillmore.scrubber import Scrubber, Rule
dsn = "some dsn"
release = "some identifier for this release of this app"
host_id = "some identifier of this host"
# Explicitly load integrations you approve
approved_integrations = [
...
]
# Set up a scrubber to scrub sensitive data from the Sentry event
scrubber = Scrubber(
rules=[
Rule( ... ),
Rule( ... ),
]
)
set_up_sentry(
sentry_dsn=dsn,
release=release,
host_id=host_id,
# Disable frame-local variables
with_locals=False,
# Disable request data from being added to Sentry events
request_bodies="never",
# All integrations should be intentionally enabled so you know exactly
# which are loaded and are adding data to the Sentry event even if
# there are changes in the sentry_sdk or your application
default_integrations=False,
integrations=[approved_integrations],
# Use a scrubber to remove sensitive data
before_send=scrubber,
)