Sensitive data containers


I would like to ask you in logs of which containers can sensitive user data appear? If sensitive data appear in some containers, how would such logs look like?

We need it for security compliance.

Thank you!

By sensitive data, do you mean system/component/database access credentials or sensitive data in the customer or the agent message?

Primarily the customer and agent messages, but also I would like to know if any access credentials can appear in logs now that you mention it.

There’s no quarantining of an element of a message or the whole message marked as secured. However, this is planned for implementation in 4.x. Using the Bot NLU capabilities secure parts of the message will be identified and quarantined.
Only authorised users will then have access to secure parts of the message.
No clear timeline for its implementation, though.

In application logs password logging is not an intention. But, no validation/test of logs was done to ensure that no such passwords are being pushed to logs. We’ll ensure this as well in the next major release, i.e., 4.x.