How to remove or mask sensitive information like credentials from tickets / articles?


Sometimes it happens that customers accidentally or on purpose do send sensitive information like passwords, api-tokens or even creditcard numbers (the latter did not happen, but just to make my point) via tickets.

Is there are way for agents to remove such information from tickets? Currently we do not see any “Edit content” functionality.

  • Used Zammad version: 4.0
  • Used Zammad installation type: docker-compose
  • Operating system: Linux, Debian
  • Browser + version: Chrome 90.0.4430.212

Expected behavior:

  • Agents have a way to remove or mask sensitive information from tickets / articles (ideally with a comment what they did).

Actual behavior:

  • Currently no way of editing a tickets content in the UI

Steps to reproduce the behavior:

  • Send an email with sensitive information.


A workaround we think of is to split the article into a new ticket, add a special tag like “alert-contains_credentials” and remove them via scheduler.

Disadvantage: You loose the full article, if you forget to manually copy the rest of the content as a note in the old ticket.

Is there a better approach? How are others dealing with sensitive information which should not reside in the system, but you don’t have control on what customers are sending? If this is a feature request, feel free to change the category.

Not being able to remove articles from UI (especially if they’re communication type) is part of the Zammad concept. While you can technically remove Articles via rails console I won’t recommend it to anybody. It leaves too much danger of removing the incorrect data.

Currently the only “valid” workflow is to remove the entire ticket. Technically you could split the articles away (and remove sensitive data where required) if you have to. I don’t know how often you run in above described situations. In my over 10 years support it happened once.

But maybe my customers are just more aware. :man_shrugging:

Oh it happens few times a month. Sure, it depends on the topics and kind of support / kind of customers. We are dealing with stuff where sensitive data sometimes is involved. Some customers are sometimes not careful or forget to use the suggested secure channels and just write it.

BTW: Your competitor Freshdesk has something related called Redaction Process feature and also Zendesk has a Redaction app. So not too unusual in my opinion.

Right now this is not something we can provide within core functionality.
If you believe Zammad should have such a function, please create a feature request on this board so the community can vote for it.

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.