Configuration

Bearer agent configuration options

Configuring the Agent

The Bearer Agent can be configured when it is initialized.

Node.js
Ruby
Node.js

The Bearer Agent allows you to update the configuration in your code using the following syntax after installing and requiring the @bearer/node-agent package:

Bearer.init({
logLevel: "RESTRICTED",
secretKey: "your secret key",
ignored: ["domain.com", "example.com"],
stripSensitiveData: true,
stripSensitiveKeys: /^authorization$/,
stripSensitiveRegex: /we have to keep it secret$/
}).then(() => {
console.log("Bearer Initialized")
})

The Bearer Agent is asynchronous. If initializing at the top level we suggest using theBearer.init({ ... }).then( () => { ... })approach, however you can use async/await where it is supported.

Ruby

The Bearer Agent allows you to update the configuration in your code using the following syntax:

Bearer.init_config do |config|
config.secret_key = "YOUR_BEARER_SECRET_KEY" # Required, string: Your Bearer private key
config.disabled = false # Optional, boolean: enable/disable Bearer tracking globally
config.ignored = [] # Optional, string[]: ignore requests to specific domains
config.log_level = :ALL # Optional, "ALL" | "RESTRICTED": defaults to "ALL" set the level of information you want the agent to gather
config.strip_sensitive_data = true # Optional, boolean: Remove sensitive data before sending it to bearer.sh
config.strip_sensitive_keys = [/^authorization$/i, /^client.id$/i, /^access.token$/i, /^client.secret$/i] # Optional, Regexp[]: list of keys to strip.
config.strip_sensitive_regex = %r{[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*} # Optional, Regexp: Regular expression used for value stripping.
end

Available Configuration Options

The following is a list of all available configuration options. They can be applied through any of the available configuration methods.

Node.js

Ruby

Role

secretKey

secret_key

Your Bearer Secret Key (required)

disabled

disabled

When set, the Bearer agent is disabled (whatever the value is)

ignored

ignored

An array of domains you do not want monitored by the Agent

logLevel

log_level

Set the level of information you want the agent to gather. Valid values are ALL (to send full request and response) or RESTRICTED (to send only the path and query string).

throttleDisabled

This option is not yet available in Ruby

When set, Bearer syncs logs immediately after the request is made. Enabling throttling will only affect "RESTRICTED" log entries which would be sent in batches.

stripSensitiveData

strip_sensitive_data

Remove sensitive data before sending it to bearer.sh (defaults to true)

stripSensitiveKeys

strip_sensitive_keys

Regular expression used for key name values to strip (default /^authorization$|^client.?id$|^access.?token$|^client.?secret$/i)

stripSensitiveRegex

strip_sensitive_regex

Regular expression used for value stripping (default email pattern)

Node.js
Ruby
Node.js

You can update your node-agent configuration by creating bearer.json configuration file at the same level as the package.json file.

If you want to save the configuration file in another directory, you must tell Bearer agent where to find it. You can do this by using the BEARER_AGENT_CONFIG_FILE environment variable, like this:

BEARER_AGENT_CONFIG_FILE=/absolute/path/to/bearer.json node index.js

Below you can find configuration options that we currently support:

{
logLevel: "RESTRICTED",
secretKey: "your secret key",
ignored: ["domain.com", "example.com"],
stripSensitiveData: true,
stripSensitiveKeys: /^authorization$/,
stripSensitiveRegex: /we have to keep it secret$/
}
Ruby

You can update your node-agent configuration by creating earer.yml configuration file in root source of your project or in ./config directory. If you have a project running in /usr/projects/my_integrations_project bearer will try to find bearer.yml file using the following paths:

  • /usr/projects/my_integrations_project/bearer.yml

  • /usr/projects/my_integrations_project/config/bearer.yml

If you want to save the configuration file in another directory, you must tell Bearer agent where to find it. You can do this by using the BEARER_AGENT_CONFIG_FILE environment variable, like this:

BEARER_AGENT_CONFIG_FILE=/absolute/path/to/bearer.yml ruby index.rb

Below you can find configuration options we currently support:

---
secret_key: secret <!-- Required, string: Your Bearer private key -->
disabled: false <!-- Optional, boolean: enable/disable Bearer tracking globally -->
ignored: [] <!-- Optional, string[]: ignore requests to specific domains -->
log_level: ALL <!-- Optional, "ALL" | "RESTRICTED": defaults to "ALL" set the level of information you want the agent to gather -->
strip_sensitive_data: true <!-- Optional, boolean: Remove sensitive data before sending it to bearer.sh -->
strip_sensitive_keys: [/^authorization$/i, /^client.id$/i, /^access.token$/i, /^client.secret$/i] <!-- Optional, Regexp[]: list of keys to strip. -->
strip_sensitive_regex: %r{[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*} <!-- Optional, Regexp: Regular expression used for value stripping. -->

Communication with Bearer

The Bearer agent communicates with Bearer servers through HTTPS. The Agent requires your firewall to allow outgoing connections to agent.bearer.sh with port 443 (HTTPS).

By default, the Agent sends to the full payload of each HTTP request (including both the request and the response) to Bearer. By default and for your own security, the Authorization header is filtered and will not be shared with Bearer. T

The agent offers more options to reduce the amount of sensitive information sent to Bearer, including:

  • ignored to ignore some domains (e.g. ["example.com", "secure.app"]);

  • logLevel(node) / log_level(ruby) to only log the path and query string of the requests.

What if Bearer is experiencing a downtime? The Bearer agent has been built with resiliency in mind. If, for any reason, Bearer servers are experiencing unexpected latency, this will not affect your application.