Documentation Index
Fetch the complete documentation index at: https://docs.tell.rs/llms.txt
Use this file to discover all available pages before exploring further.
The redact transform removes or pseudonymizes personally identifiable information before data leaves your pipeline. It ships with 11 built-in patterns for common PII types and supports custom regex for anything else.
Quick start
Redact all emails and IP addresses:
[[routing.rules.transformers]]
type = "redact"
patterns = ["email", "ipv4"]
scan_all = true
[REDACTED]. To keep data linkable across events, use hashing instead:
[[routing.rules.transformers]]
type = "redact"
strategy = "hash"
hash_key = "your-secret-key"
patterns = ["email", "ipv4"]
scan_all = true
usr_7kJ9mNpQ3xYz — the same input always produces the same hash, so you can still correlate events without storing raw PII.
Built-in patterns
| Pattern | Detects | Hash prefix |
|---|
email | Email addresses | usr_ |
phone | Phone numbers (international formats) | phn_ |
credit_card | Credit card numbers (13-19 digits) | cc_ |
ssn_us | US Social Security Numbers | ssn_ |
cpr_dk | Danish CPR numbers | cpr_ |
nino_uk | UK National Insurance Numbers | nin_ |
bsn_nl | Dutch BSN numbers | bsn_ |
ipv4 | IPv4 addresses | ip4_ |
ipv6 | IPv6 addresses | ip6_ |
passport | Passport numbers | pas_ |
iban | International Bank Account Numbers | iba_ |
Strategies
| Strategy | Output | Use when… |
|---|
redact (default) | [REDACTED] | You want PII completely removed |
hash | usr_7kJ9mNpQ3xYz | You need to correlate events without raw PII |
hash_key. Different keys produce different hashes, so each workspace can be isolated.
Targeted fields
Instead of scanning all strings (scan_all = true), you can target specific JSON paths for better performance:
[[routing.rules.transformers]]
type = "redact"
strategy = "hash"
hash_key = "your-secret-key"
[[routing.rules.transformers.fields]]
path = "user.email"
pattern = "email"
[[routing.rules.transformers.fields]]
path = "client_ip"
pattern = "ipv4"
strategy = "redact"
Custom patterns
Define your own regex patterns for domain-specific PII:
[[routing.rules.transformers]]
type = "redact"
strategy = "hash"
hash_key = "your-secret-key"
scan_all = true
[[routing.rules.transformers.custom_patterns]]
name = "employee_id"
regex = "EMP-\\d{6}"
prefix = "emp_"
[[routing.rules.transformers.custom_patterns]]
name = "order_id"
regex = "ORD-[0-9A-Z]{8}"
prefix = "ord_"
Reference
| Field | Default | Description |
|---|
type | — | "redact" |
strategy | "redact" | "redact" or "hash" |
hash_key | — | Secret key for HMAC-SHA256 (required if strategy = "hash") |
patterns | [] | Built-in pattern names to detect |
fields | [] | Targeted field objects: {path, pattern, strategy?} |
custom_patterns | [] | Custom regex objects: {name, regex, prefix} |
scan_all | false | Scan all string values (slower but comprehensive) |
enabled | true | Set to false to disable |
patterns, fields, or custom_patterns is required.
