Document that baggage is sent to external APIs by automatic instrumentation #3530

Merged
merged 4 commits into from
Nov 22, 2023
21 changes: 13 additions & 8 deletions content/en/docs/concepts/signals/baggage.md
Expand Up @@ -32,22 +32,27 @@ retrieve information.

## What should OTel Baggage be used for?

OTel Baggage should be used for data that you're okay with potentially exposing
to anyone who inspects your network traffic. This is because it's stored in HTTP
headers alongside the current context. If your relevant network traffic is
entirely within your own network, then this caveat may not apply.

Common use cases include information that’s only accessible further up a stack.
This can include things like Account Identification, User IDs, Product IDs, and
origin IPs, for example. Passing these down your stack allows you to then add
them to your Spans in downstream services to make it easier to filter when
you’re searching in your Observability back-end.

There are no built-in integrity checks to ensure that the Baggage items are
yours, so exercise caution when retrieving them.

![OTel Baggage](/img/otel-baggage-2.svg)

## Baggage security considerations

Sensitive Baggage items could be shared with unintended resources, like
third-party APIs. This is because automatic instrumentation includes Baggage in
most of your service’s network requests. Specifically, Baggage and other parts
of trace context are sent in HTTP headers, making it visible to anyone
inspecting your network traffic. If traffic is restricted within your network,
then this risk may not apply, but keep in mind that downstream services could
propagate Baggage outside your network.

Also, there are no built-in integrity checks to ensure that Baggage items are
yours, so exercise caution when retrieving them.

## Baggage is not the same as Span attributes

One important thing to note about Baggage is that it is not a subset of the
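
Review bot: The "What should OTel Baggage be used for?" section is left without any caveat once its opening paragraph about network exposure moves into "Baggage security considerations", yet it still lists Account Identification, User IDs and origin IPs as common use cases. A reader who stops at that section sees only the recommendation, so add a sentence there pointing to the security section. The new section also names the exposure without saying what to do about it; a concrete recommendation would help, for example keeping sensitive values out of Baggage when requests can reach third-party APIs. In "Baggage and other parts of trace context are sent in HTTP headers, making it visible", the pronoun should be "them". The integrity paragraph could say that retrieved Baggage should be treated as untrusted input, which is more actionable than "exercise caution when retrieving them".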