LogoLogo
HomeApplicationBlog
  • WELCOME
    • Overview
    • Quickstart
    • Key Features
    • Demo
  • ONBOARDING YOUR DATA
    • Getting started
    • Prerequisites
    • Integrations
      • Prometheus
        • Handling organization_id
        • Privacy and Security
      • CloudWatch
      • Datadog
      • Coming soon
      • Request integration
    • Self-hosting
      • Configuration yaml
      • Running locally with Docker
      • Running with Kubernetes (k8s)
    • Data API
      • Example implementation
    • Filters
      • Open source log parsing library
      • Data hashing & transformation
    • Custom adapters
  • API (BETA)
    • Authentication
    • Pagination
    • API Reference
  • How to's
    • Tutorials
      • Build a SLI
      • Build a SLO
      • Create an Organization
      • Build a SLA
      • Configure a SLA Portal
    • Guides
    • Glossary
  • MISC
    • Changelog
    • Join the Closed Beta
  • Legal
    • Terms of Service
    • Contributor License Agreement
    • Privacy Notice
Powered by GitBook
On this page
  • End-to-End Data Flow with PII Handling
  • Key Points
  1. ONBOARDING YOUR DATA
  2. Integrations
  3. Prometheus

Privacy and Security

PreviousHandling organization_idNextCloudWatch

Last updated 6 months ago

End-to-End Data Flow with PII Handling

slaOS does not perform any hashing or transformation of identifiers - it works with the data exactly as it exists in your Prometheus metrics. If you have privacy concerns about sensitive data, you'll need to handle the hashing in your systems before the data reaches Prometheus.

Here's how the data flows:

  1. Metrics in Prometheus

# Prometheus metrics (with sensitive data)
api_requests_total{
    customer_id="super_secret_user",  # Sensitive data
    endpoint="/api/v1/users"
} 150
  1. PromQL Query Configuration

queries:
  - query: 'sum by (customer_id, endpoint) (rate(api_requests_total[5m]))'
    step: 
      value: 60
      unit: "s"
    slaos_metric_name: "request_rate"
    organization_identifier: "customer_id"
    
# In filters config:
filters:
  version: 1
  fields:
    - name: "customer_id"  # This tells the parser to reference customer_id label
      hash: true           # Hashes customer_id labels
  1. Resulting slaOS JSON Payload

{
  "organization_id": "hashedabc123...",  # Hashed value sent
  "timestamp": "2024-10-30T23:29:00Z",
  "key": "prometheus_metrics",
  "idempotency_key": "4ac1f5c3524c05b379d3a23932756e0f156f17638b528559e62bb06dd4efbe6b",
  "values": {
    "request_rate": 0.5,
    "endpoint": "/api/v1/users"
  }
}

Key Points

  • slaOS passes through identifiers exactly as they appear in Prometheus

  • No hashing or transformation is performed by slaOS

  • If you need to protect sensitive data, handle the hashing in your systems before it reaches Prometheus

  • You are responsible for maintaining any mapping between original and hashed identifiers in your secure systems

Data hashing & transformation