Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 51 additions & 0 deletions contents/docs/error-tracking/code-variables/python.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,57 @@ with new_context():
mask_patterns_will_only_apply_to_this_method()
```

### Detecting secrets automatically

As a last resort, the SDK also scans captured variable *values* for high-entropy secrets that name-based masking misses — API keys, tokens, and strong passwords in innocuously-named variables — and replaces them with `***`. It recognizes common key formats (OpenAI, Anthropic, AWS, Stripe, GitHub, and more) and random high-entropy strings, while leaving identifiers like UUIDs, hashes, file paths, and URLs untouched.

This is enabled by default. To disable it globally:

```python
posthog = Posthog(
"<ph_project_token>",
enable_exception_autocapture=True,
capture_exception_code_variables=True,
code_variables_detect_secrets=False,
)
```

Or for a specific code block using contexts:

```python
with new_context():
set_code_variables_detect_secrets_context(False)
detection_disabled_only_here()
```

### Masking connection string credentials

Credentials embedded in connection strings and URLs are scrubbed automatically, regardless of the variable name. Only the credentials are replaced — the scheme, host, and path are kept so the value stays useful for debugging:

```
postgresql://user:password@db.example.com:5432/mydb
→ postgresql://***@db.example.com:5432/mydb
```

This is enabled by default. To disable it globally:

```python
posthog = Posthog(
"<ph_project_token>",
enable_exception_autocapture=True,
capture_exception_code_variables=True,
code_variables_mask_url_credentials=False,
)
```

Or for a specific code block using contexts:

```python
with new_context():
set_code_variables_mask_url_credentials_context(False)
masking_disabled_only_here()
```

### Ignoring variables

Variable names matching ignore patterns are not captured at all. This is useful for excluding internal variables, temporary data, or framework-specific variables that don't provide debugging value.
Expand Down
Loading