Exclude OTLP header and Datadog key configs from telemetry

ext/configuration.h

@@ -45,7 +45,7 @@ enum datadog_sidecar_connection_mode {
     CONFIG(STRING, DD_AGENT_HOST, "localhost", .ini_change = zai_config_system_ini_change)                     \
     CONFIG(STRING, DD_DOGSTATSD_URL, "http://localhost:8125")                                                  \
     CONFIG(STRING, DD_DOGSTATSD_HOST, "localhost")                                                             \
-    CONFIG(STRING, DD_API_KEY, "", .ini_change = zai_config_system_ini_change)                                 \
+    CONFIG(STRING, DD_API_KEY, "", .ini_change = zai_config_system_ini_change, .sensitive = true)              \
     CONFIG(INT, DD_DOGSTATSD_PORT, "8125")                                                                     \
     CONFIG(STRING, DD_ENV, "", .ini_change = datadog_alter_dd_env,                                             \
            .env_config_fallback = ddtrace_conf_otel_resource_attributes_env)                                   \
@@ -59,7 +59,7 @@ enum datadog_sidecar_connection_mode {
     CONFIG(BOOL, DD_TRACE_CLI_ENABLED, "true")                                                                 \
     CONFIG(BOOL, DD_TRACE_DEBUG, "false", .ini_change = datadog_alter_dd_trace_debug)                          \
     CONFIG(BOOL, DD_TRACE_ENABLED, "true", .ini_change = datadog_alter_dd_trace_disabled_config,               \
-           .env_config_fallback = ddtrace_conf_otel_traces_exporter)                                           \
+           .env_config_fallback = ddtrace_conf_otel_traces_exporter, .sensitive = true)                        \
     CONFIG(BOOL, DD_INSTRUMENTATION_TELEMETRY_ENABLED, "true", .ini_change = zai_config_system_ini_change)     \
     CONFIG(BOOL, DD_TRACE_HEALTH_METRICS_ENABLED, "false", .ini_change = zai_config_system_ini_change)         \
     CONFIG(DOUBLE, DD_TRACE_HEALTH_METRICS_HEARTBEAT_SAMPLE_RATE, "0.001")                                     \

ext/telemetry.c

@@ -98,8 +98,7 @@ void datadog_telemetry_finalize() {
 #if ZTS
             ini = zend_hash_find_ptr(EG(ini_directives), ini->name);
 #endif
-            if (cfg->names[0].len != sizeof("DD_TRACE_ENABLED") - 1
-                || memcmp(cfg->names[0].ptr, "DD_TRACE_ENABLED", sizeof("DD_TRACE_ENABLED") - 1) != 0) { // DD_TRACE_ENABLED is meaningless: always off at rshutdown
+            if (!cfg->sensitive) {
                 ddog_ConfigurationOrigin origin = DDOG_CONFIGURATION_ORIGIN_ENV_VAR;
                 switch (cfg->name_index) {
                     case ZAI_CONFIG_ORIGIN_DEFAULT:

loader/tests/functional/test_configuration_telemetry.php

@@ -11,6 +11,8 @@
     'DD_INJECT_FORCE=true',
     'DD_INJECTION_ENABLED=tracer', // Normally set by the injector
     'DD_SERVICE=loader',
+    'DD_API_KEY=SENTINEL_DD_API_KEY',
+    'DD_VERSION=1.2.3-loader-test',
 ]);
 
 assertMatchesFormat($output, '%A"loaded_by_ssi":true%s%A');
@@ -22,3 +24,13 @@
 assertContains($content, '{"name":"instrumentation_source","value":"ssi","origin":"default","config_id":null,"seq_id":null}');
 assertContains($content, '{"name":"ssi_injection_enabled","value":"tracer","origin":"env_var","config_id":null,"seq_id":null}');
 assertContains($content, '{"name":"ssi_forced_injection_enabled","value":"True","origin":"env_var","config_id":null,"seq_id":null}');
+
+// Sensitive configurations are excluded from configuration telemetry: neither
+// the name nor the value is enqueued. DD_API_KEY and DD_TRACE_ENABLED carry the
+// `sensitive` flag.
+assertNotContains($content, 'SENTINEL_DD_API_KEY');
+assertNotContains($content, '"name":"DD_API_KEY"');
+assertNotContains($content, '"name":"DD_TRACE_ENABLED"');
+
+// Non-sensitive configurations are still reported.
+assertContains($content, '{"name":"DD_VERSION","value":"1.2.3-loader-test","origin":"env_var","config_id":null,"seq_id":null}');

metadata/supported-configurations.json

@@ -12,7 +12,8 @@
       {
         "implementation": "C",
         "type": "string",
-        "default": ""
+        "default": "",
+        "sensitive": true
       }
     ],
     "DD_API_SECURITY_ENABLED": [
@@ -1103,7 +1104,8 @@
       {
         "implementation": "A",
         "type": "boolean",
-        "default": "true"
+        "default": "true",
+        "sensitive": true
       }
     ],
     "DD_TRACE_EXEC_ANALYTICS_ENABLED": [

profiling/src/bindings/mod.rs

@@ -701,6 +701,7 @@ pub struct ZaiConfigEntry {
     pub parser: zai_custom_parse,
     pub displayer: zai_custom_display,
     pub env_config_fallback: zai_env_config_fallback,
+    pub sensitive: bool,
 }
 
 #[repr(C)]
@@ -717,6 +718,7 @@ pub struct ZaiConfigMemoizedEntry {
     pub parser: zai_custom_parse,
     pub displayer: zai_custom_display,
     pub env_config_fallback: zai_env_config_fallback,
+    pub sensitive: bool,
     pub original_on_modify: Option<
         unsafe extern "C" fn(
             entry: *mut zend_ini_entry,

profiling/src/config.rs

@@ -1019,6 +1019,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: Some(parse_profiling_enabled),
                     displayer: Some(display_profiling_enabled),
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(ProfilingExperimentalFeaturesEnabled),
@@ -1031,6 +1032,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: None,
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(ProfilingEndpointCollectionEnabled),
@@ -1043,6 +1045,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: None,
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(ProfilingExperimentalCpuTimeEnabled),
@@ -1055,6 +1058,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: None,
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(ProfilingAllocationEnabled),
@@ -1067,6 +1071,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: None,
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(ProfilingAllocationSamplingDistance),
@@ -1079,6 +1084,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: Some(parse_sampling_distance_filter),
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(ProfilingExperimentalHeapLiveEnabled),
@@ -1091,6 +1097,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: None,
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(ProfilingTimelineEnabled),
@@ -1103,6 +1110,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: None,
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(ProfilingExceptionEnabled),
@@ -1115,6 +1123,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: None,
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(ProfilingExceptionMessageEnabled),
@@ -1127,6 +1136,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: None,
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(ProfilingExceptionSamplingDistance),
@@ -1139,6 +1149,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: Some(parse_sampling_distance_filter),
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(ProfilingExperimentalIOEnabled),
@@ -1151,6 +1162,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: None,
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(ProfilingLogLevel),
@@ -1163,6 +1175,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: Some(parse_level_filter),
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(ProfilingOutputPprof),
@@ -1175,6 +1188,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: Some(parse_utf8_string),
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 // At the moment, wall-time cannot be fully disabled. This only
                 // controls automatic collection (manual collection is still
@@ -1190,6 +1204,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: None,
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(AgentHost),
@@ -1202,6 +1217,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: Some(parse_utf8_string),
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(Env),
@@ -1214,6 +1230,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: Some(parse_utf8_string),
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(Service),
@@ -1226,6 +1243,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: Some(parse_utf8_string),
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(Tags),
@@ -1242,6 +1260,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: None,
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(TraceAgentPort),
@@ -1254,6 +1273,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: Some(parse_utf8_string),
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(TraceAgentUrl),
@@ -1266,6 +1286,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: Some(parse_utf8_string),
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(Version),
@@ -1278,6 +1299,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: Some(parse_utf8_string),
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(GitCommitSha),
@@ -1290,6 +1312,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: Some(parse_utf8_string),
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
                 zai_config_entry {
                     id: transmute::<ConfigId, u16>(GitRepositoryUrl),
@@ -1302,6 +1325,7 @@ pub(crate) fn minit(module_number: libc::c_int) {
                     parser: Some(parse_utf8_string),
                     displayer: None,
                     env_config_fallback: None,
+                    sensitive: false,
                 },
             ]
         };

src/DDTrace/OpenTelemetry/Configuration.php

@@ -23,9 +23,9 @@
     'OTEL_EXPORTER_OTLP_METRICS_ENDPOINT',
     'OTEL_EXPORTER_OTLP_LOGS_ENDPOINT',
     'OTEL_EXPORTER_OTLP_ENDPOINT',
-    'OTEL_EXPORTER_OTLP_METRICS_HEADERS',
-    'OTEL_EXPORTER_OTLP_LOGS_HEADERS',
-    'OTEL_EXPORTER_OTLP_HEADERS',
+    // The OTLP header configurations (OTEL_EXPORTER_OTLP_HEADERS,
+    // OTEL_EXPORTER_OTLP_METRICS_HEADERS, OTEL_EXPORTER_OTLP_LOGS_HEADERS) are
+    // sensitive and intentionally not tracked for configuration telemetry.
     'OTEL_EXPORTER_OTLP_METRICS_TIMEOUT',
     'OTEL_EXPORTER_OTLP_LOGS_TIMEOUT',
     'OTEL_EXPORTER_OTLP_TIMEOUT',