> ## Documentation Index
> Fetch the complete documentation index at: https://ancplua.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# AL0088 - Sensitive data in span attribute

> Do not leak passwords, tokens, or secrets to telemetry

Source: [Al0088SensitiveDataInAttributeAnalyzer.cs](https://github.com/ANcpLua/ANcpLua.Analyzers/blob/main/src/ANcpLua.Analyzers/Analyzers/Al0088SensitiveDataInAttributeAnalyzer.cs)

## Description

Span attributes should not contain sensitive data such as passwords, API keys, tokens, or connection strings. Telemetry data is typically stored with fewer access controls than secrets.

## Bad Code

```csharp theme={null}
activity?.SetTag("auth.token", bearerToken);
activity?.SetTag("db.connection_string", connString);
```

## Good Code

```csharp theme={null}
activity?.SetTag("auth.type", "bearer");
activity?.SetTag("db.system", "postgresql");
```

## Properties

* **Category**: OpenTelemetry
* **Severity**: Warning
* **Enabled by default**: True
* **Code fix available**: False

## Configuration

```editorconfig theme={null}
dotnet_diagnostic.AL0088.severity = warning
```
