Redaction
LLM traces frequently include user-generated content. Treat tracing data with the same rigor as application logs and data pipelines.
What to redact
- authentication secrets (API keys, tokens, cookies)
- passwords and one-time codes
- payment details
- PII (depending on your policy): emails, phone numbers, addresses, names
- raw documents if licensing or privacy requires it
Redact early
Redact before emitting events/spans. Do not rely on UI-only masking.
Recommended strategy
- allowlist safe fields (preferred)
- for user content, store:
  - short summaries
  - hashes
  - document ids / chunk ids instead of bodies
Truncation
Even when content is safe, large payloads hurt performance and usability.
- cap long strings (e.g. 4–16KB)
- store pointers to blobs in your storage when needed
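The allowlist, hashing and truncation rules above, applied before a span is emitted. This is an added example, not code from this page or from any tracing library. The field names, the 4 KB cap and the HMAC key are assumptions; a keyed hash replaces a plain one so that short or guessable content cannot be recovered by hashing candidate values.

```python
import hashlib
import hmac

# Hypothetical names and limits chosen for this example.
SAFE_FIELDS = {"model", "latency_ms", "token_count", "doc_id", "chunk_id"}
USER_CONTENT_FIELDS = {"prompt", "completion"}
MAX_STRING_BYTES = 4096  # lower end of the 4-16KB range
HASH_KEY = b"placeholder-load-from-your-secret-store"
MARKER = "...[truncated]"


def truncate(value: str, limit: int = MAX_STRING_BYTES) -> str:
    """Cap a string at `limit` UTF-8 bytes and mark that it was cut."""
    raw = value.encode("utf-8")
    if len(raw) <= limit:
        return value
    # errors="ignore" drops a multi-byte character split by the cut.
    return raw[:limit].decode("utf-8", errors="ignore") + MARKER


def content_digest(value: str) -> str:
    """Keyed digest: lets traces be correlated without storing the body."""
    return hmac.new(HASH_KEY, value.encode("utf-8"), hashlib.sha256).hexdigest()


def redact_attributes(attrs: dict) -> dict:
    """Build the attribute set that is safe to attach to a span."""
    out = {}
    for key, value in attrs.items():
        if key in USER_CONTENT_FIELDS:
            text = str(value)
            out[key + ".hmac_sha256"] = content_digest(text)
            out[key + ".length"] = len(text)
        elif key in SAFE_FIELDS:
            if isinstance(value, str):
                out[key] = truncate(value)
            elif isinstance(value, (bool, int, float)):
                out[key] = value
        # Anything not allowlisted (headers, cookies, nested objects) is dropped.
    return out


if __name__ == "__main__":
    # Constructed sample attributes, not real trace data.
    sample = {"model": "example-model", "prompt": "my password is hunter2",
              "authorization": "Bearer abc123", "doc_id": "d-1", "latency_ms": 12}
    print(redact_attributes(sample))
```

Call `redact_attributes` at the point where attributes are attached to the span, so unredacted values never reach the exporter or the trace store.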