Clarify limitations of attachment scrubbing (#12281)

Co-authored-by: David Herberth <[email protected]>
getsentry · Jan 9, 2025 · 8fd3e58 · 8fd3e58
1 parent 9aafe96
commit 8fd3e58
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/docs/security-legal-pii/scrubbing/attachment-scrubbing.mdx b/docs/security-legal-pii/scrubbing/attachment-scrubbing.mdx
@@ -32,7 +32,21 @@ All attachments can be selected using the `$attachments` [Value Type](../advance
 The filename must be in quotes to write a specific filename, but wildcards can also be used.
 
 For example, for the filename `minidump.dmp`, you can select all fields to be scrubbed using `$attachments.'minidump.dmp'.**`.
-To write the same using a wildcard to select all attachments, you would write `$attachments.*.**` or even simply `$attachments.**`.
+To write the same using a wildcard to select attachments with a specific file name, you would write `$attachments.'my_file.txt'.**` or even simply `$attachments.'my_file.txt'`.
+
+<Alert level="warning" title="Attachment scrubbing limitations">
+
+Sentry currently only has limited support for scrubbing attachments that are not minidumps. Only attachments that are explicitly selected by an [Advanced Data Scrubbing](../advanced-datascrubbing/) rule with a non-wildcard filename will actually be scrubbed. For example:
+
+```
+# Will be scrubbed:
+[Remove] [IP Addresses] from [$attachments.'foo.txt']
+
+# Will NOT be scrubbed:
+[Remove] [IP Addresses] from [$attachments.**]
+```
+
+</Alert>
 
 ### Minidump Selectors