In general, Honeycomb will continue to work the same way it does without Secure Tenancy.
However there are some limitations imposed by the Secure Proxy:
Because the storage engine cannot look at the real content of columns, string-based derived-column functions are not available.
Consults the list of available derived column functions.
Because the storage engine cannot see the real names of columns, some things that have a default configuration (including Traces and the APM Home experience) require manual configuration.
Because the storage engine cannot look at the real content of columns, we cannot do the sort of substring matching that would be required to make the Query History Search feature truly useful.
This page shows Query History only.
Because all team members need access to the team’s API Key in order for the browser to unmask encrypted data, redacting API keys is not available.
When using data encryption, the maximum possible length of string columns is shortened from 65536 bytes to 49127 bytes.
The proxy will silently truncate strings longer than 49127 bytes before encrypting/encoding them and sending them on to Honeycomb.
AWS Cloudwatch Metrics cannot currently be used with Secure Tenancy.
Because all queries are masked unconditionally before being sent to the backend, it is currently not possible to use a derived column in a query.
Sampling data with Honeycomb Refinery is compatible with Secure Tenancy.
While the Sample Rate is shown in Raw Data, it is not currently possible in the Honeycomb UI to query against the Sample Rate in Usage Mode.
As Search requires the ability to index names for things, but because names are encrypted with Secure Tenancy, they cannot be searched.
In the Secure Tenancy model, Honeycomb does not have access to the meaning of string values for columns.
As a result, some derived column functions are not available or operate slightly differently under Secure Tenancy.