v.22.12Improvement

Allow Removal of Sensitive Information from Exception Messages

Official CH changelog text
Allow the removal of sensitive information (see the query_masking_rules in the configuration file) from the exception messages as well. Resolves #41418. #42940 (filimonov).
ClickHouse now supports masking sensitive information in exception messages using query_masking_rules defined in the configuration file.

Why it matters

This feature prevents sensitive data from being exposed in error and exception messages, enhancing security and privacy by automatically removing or masking confidential information from logs and user-visible errors.

How to use it

Configure the query_masking_rules section in your ClickHouse server configuration file to define patterns for sensitive data masking. The masking will then also apply to exception messages, removing sensitive content when errors occur.

Related resources

PreviousNext