@lumigo/node-core

node-core :stars:

This is @lumigo/node-core, Lumigo's Node.js agent core tracing logic for distributed tracing and performance monitoring. it is used by all our Node tracers to perform many of the shared logic across services

Supported NodeJS runtimes: 8.10, 10.x, 12.x, 14.x, 16.x, 18.x

Configuration

@lumigo/node-core offers several different configuration options. Pass these to the Lambda function as environment variables:

• LUMIGO_DEBUG=TRUE - Enables debug logging
• LUMIGO_SECRET_MASKING_REGEX='["regex1", "regex2"]' - Prevents Lumigo from sending values for keys that match the supplied regular expressions. All regular expressions are case-insensitive. We support also more granular masking using LUMIGO_SECRET_MASKING_REGEX_HTTP_REQUEST_BODIES, LUMIGO_SECRET_MASKING_REGEX_HTTP_REQUEST_HEADERS, LUMIGO_SECRET_MASKING_REGEX_HTTP_RESPONSE_BODIES, LUMIGO_SECRET_MASKING_REGEX_HTTP_RESPONSE_HEADERS, LUMIGO_SECRET_MASKING_REGEX_HTTP_QUERY_PARAMS and LUMIGO_SECRET_MASKING_REGEX_ENVIRONMENT. By default, Lumigo applies the following regular expressions: [".*pass.*", ".*key.*", ".*secret.*", ".*credential.*", ".*passphrase.*", ".*token.*"]. The "magic" value all will prevent any value to be sent to Lumigo.
• LUMIGO_DOMAINS_SCRUBBER='[".*secret.*"]' - Prevents Lumigo from collecting both request and response details from a list of domains. This accepts a comma-separated list of regular expressions that is JSON-formatted. By default, the tracer uses ["secretsmanager\..*\.amazonaws\.com", "ssm\..*\.amazonaws\.com", "kms\..*\.amazonaws\.com"]. Note - These defaults are overridden when you define a different list of regular expressions.

Functionality

Secret masking

Secrets scrubbing by list for regexes:

• support only json data secrets scrubbing