Back to guidesGuide

Use OBI header enrichment to scope incidents without leaking secrets

A practical guide to adding tenant and segment context to traces with OpenTelemetry eBPF Instrumentation while keeping a strict allowlist and security validation.

Configure OpenTelemetry eBPF Instrumentation to enrich traces with useful headers, obfuscate credentials, and validate that incident response gains context without exposing sensitive data.

Created: June 16, 2026

Published: June 16, 2026

Estimated time35 min
LevelAdvanced
Before you startA test Kubernetes cluster with OBI or an equivalent OpenTelemetry eBPF Instrumentation setup.
PlatformsLinux
WhatsAppXLinkedIn

Linux

Validate the enrichment policy, restart OBI, and check traces/secrets from the terminal and tracing backend.

kubectlcurltrace backend access
Apply OBI configuration
kubectl -n observability apply -f obi-header-enrichment.yaml && kubectl -n observability rollout status ds/obi
Search traces by tenant
traceql 'resource.service.name="edge-gateway" && span.http.request.header.x-tenant-id="tenant-42"'

Content locked

This guide requires both steps before full content is available.

  • Click “Like” on this guide.
  • Share on WhatsApp, X, LinkedIn, or copy the link.

Access is automatically unlocked as soon as both steps are completed.