When working with Posit Support, you will likely be asked to generate and share diagnostics for one or more of your Posit products. These diagnostics contain details about your product and select items from the system that allow us to troubleshoot the issue better, such as the name of the operating system, system logs, configuration files, and network connections.
Due to the nature of how these items are collected, sensitive data may be included if it is present in your environment, for instance, if it was written to system logs, saved as a global environment variable, or written into your settings files.
Before sending the diagnostics to Support, it is recommended that you sanitize any sensitive data based on your company's standards. Note that Posit Support is unable to determine what data may be considered sensitive to your company or organization. We recommend checking with your security staff if you have any questions about what information may need to be redacted.
This article outlines some of the areas that may be considered sensitive and the best approach for sanitizing them.
Running a Diagnostic Report
To generate a diagnostic report for your Posit product, follow the instructions outlined here: https://support.posit.co/hc/en-us/articles/200321257-Running-a-Diagnostic-Report.
Editing the Report
To sanitize an output file, open it in the text editor of your choice. In some cases, you may need to edit multiple files.
Passwords, Secrets, Access Tokens
Passwords, secrets, or access tokens can be replaced with the word REDACTED.
Note: The best practice is to encrypt passwords or secrets or store them in an environment variable. They should not be stored in plain text in your configurations.
More information about encrypting configuration values for each product can be found below.
Posit Workbench:
https://docs.posit.co/ide/server-pro/hardening/encryption.html#step-re-encrypt-configuration-values
Posit Connect:
https://docs.posit.co/connect/admin/appendix/configuration/#property-types
https://docs.posit.co/connect/admin/appendix/cli/#commands
Posit Package Manager:
https://docs.posit.co/rspm/admin/appendix/encryption/#configuration-encryption
Usernames, Server Names, URLs, Directories, Environment Variables
For items such as usernames, server names, URLs, directories, and environment variables, it is better to replace them with a value that we can correlate throughout the logs. For example, all occurrences of the username john.doe can be replaced with user1, and jane.doe with user2.
If you are required to completely remove something from the diagnostic, please let us know.
Comments