Secure Tenancy is planned to be End-of-Life at the end of 2022 in favor of built-in security enhancements.
Existing customers using Secure Tenancy will continue to be supported on Honeycomb Classic until this time.
Product Limitations When Using Secure Tenancy
In general, Honeycomb will continue to work the same way it does without Secure Tenancy.
However there are some limitations imposed by the Secure Proxy:
- Because the storage engine cannot look at the real content of columns, string-based derived-column functions are not available.
Consults the list of available derived column functions.
- Because the storage engine cannot see the real names of columns, some things that have a default configuration (including Traces and the APM Home experience) require manual configuration.
- Because the storage engine cannot look at the real content of columns, we cannot do the sort of substring matching that would be required to make the Query History Search feature truly useful.
This page shows Query History only.
- Because all team members need access to the team’s API Key in order for the browser to unmask encrypted data, redacting API keys is not available.
- When using data encryption, the maximum possible length of string columns is shortened from 65536 bytes to 49127 bytes.
The proxy will silently truncate strings longer than 49127 bytes before encrypting/encoding them and sending them on to Honeycomb.
- AWS Cloudwatch Metrics cannot currently be used with Secure Tenancy.
- Because all queries are masked unconditionally before being sent to the backend, it is currently not possible to use a derived column in a query.
- Sampling data with Honeycomb Refinery is compatible with Secure Tenancy.
While the Sample Rate is shown in Raw Data, it is not currently possible in the Honeycomb UI to query against the Sample Rate in “Usage Mode”.
- As Search requires the ability to index names for things, but because names are encrypted with Secure Tenancy, they cannot be searched.
- Because we can not determine service names from traces, service datasets can not be created.
Environments and Service-related features are not available.
In the Secure Tenancy model, Honeycomb does not have access to the meaning of string values for columns.
As a result, some derived column functions are not available or operate slightly differently under Secure Tenancy.
None of the string functions are available; in addition, functions that coerce strings to values will not do so.
The following functions can be used in derived column expressions.
List of Allowed Functions