Sentry Relay offers enterprise-grade data security by providing a standalone service that acts as a middle layer between your application and sentry.io.
Relay is specifically designed to:
- Scrub personally identifiable information (PII) in a central place prior to sending it to Sentry
- Improve event response time in regions with low bandwidth or limited connectivity
- Act as an opaque proxy for organizations that restrict all HTTP communication to a custom domain name
managed mode is available only on the Business and Enterprise plans.
Use Cases for Relay
Relay is designed to support organizations that have specific enterprise security requirements for data scrubbing of personally identifiable information (PII), response time, and enterprise domain management.
PII Data Scrubbing
Sentry already scrubs PII in two places:
- In the SDK before sending the event
- Upon arrival on Sentry's infrastructure
Relay adds a third option that scrubs data in a central place prior to sending it to Sentry.
To choose the right place for data scrubbing, consider:
If you prefer to configure data scrubbing in a central place, you can let Sentry handle it. When an event arrives, Sentry will immediately apply server-side scrubbing.
If you can't send PII outside your infrastructure, but still prefer to configure data scrubbing in a centralized place, configure your SDK to send events to Relay, which uses the privacy settings configured in Sentry, and scrubs PII before forwarding any data.
If you must enforce strict data privacy requirements, you can configure SDKs to scrub PII using the
beforeSendTransactionhooks, which will prevent data from being collected on the device. This may require you to replicate the same logic across your applications, and may impact performance.
Relay responds very quickly to requests. Installing Relay close to your infrastructure will further improve the response time when sending events. This installation approach can particularly reduce the roundtrip time in remote locations.
Enterprise Domain Management
By default, SDKs need to be configured with a Data Source Name (DSN) that points to
sentry.io. If you need to restrict all HTTP communication to a custom domain name, Relay can act as an opaque proxy that reliably forwards events to Sentry.
Our documentation is open source and available on GitHub. Your contributions are welcome, whether fixing a typo (drat!) to suggesting an update ("yeah, this would be better").