Agent Security
Sidekick agents run in the user application, collect monitoring data (traces, metrics, logs) from both the running application and the underlying container, and send it to the Sidekick Collector API to be ingested. Collected monitoring data is sent over HTTPS (TLS). Authentication uses the API keys provided by Sidekick Console, which are sent in the request headers to sign the request. After processing, received data is stored encrypted at rest with AWS KMS.

By default, all integrations (AWS SQS, AWS SNS, AWS Lambda, …, MySQL, PostgreSQL, HTTP, Redis, etc.) are enabled and capture outgoing requests (messages, queries, request bodies, commands, etc.). If these requests contain sensitive data, or you don't want the request data to be captured, you can enable masking through configuration so that it won't be traced.

Additionally, the Sidekick agent can trace the user codebase down to method arguments, return values, and local variables when line-by-line tracing is enabled. These are disabled by default, and we collect these low-level details only when you enable them.