The New Relic Java agent default security settings automatically provide security for your APM data to ensure data privacy and to limit the kind of information New Relic receives. You may have business reasons to change these settings.
If you want to restrict the information that New Relic receives, you can enable high security mode. If high security mode or the default settings do not work for your business needs, you can apply custom settings.
For more information about New Relic's security measures, see our security and privacy documentation, or visit the New Relic security website.
Default security settings
Stack traces cannot be obfuscated and may contain sensitive information, including SQL queries. For more information about ignoring errors, see Java agent error configuration.
By default, here is how the New Relic Java agent handles the following potentially sensitive data::
- Request parameters: The agent does not capture HTTP request parameters.
- HTTPS: The agent communicates with New Relic using HTTPS.
- SQL: The agent sets SQL recording to
obfuscated, which removes the potentially sensitive numeric and string literal values.
High security mode settings
When you enable high security mode, the default settings are locked so that users cannot change them. In addition:
- The agent does not collect message queue parameters.
- You cannot create custom events.
- You cannot implement custom instrumentation using the Custom Instrumentation Editor.
- You cannot collect user attributes.
Custom security settings
If you customize security settings, it may impact the security of your application.
If you need different security settings than default or high security mode, you can customize these settings:
Effects on data security
By default, the Java agent does not log all data sent to New Relic in the agent log file.
If you set this to
To enable high security mode, set this to
Some proxies default to using HTTP, which is a less secure protocol.
Default for the Custom Instrumentation Editor:
By default, you are sending attributes to New Relic, except for methods instrumented using the Custom Instrumentation Editor. If you do not want to send attributes to New Relic, set this to
If there are specific attribute keys that you do not want to send to New Relic in transaction traces, identify them using
Consider if you want to exclude these potentially sensitive attributes using
By default, you are sending queries to New Relic using
By default, this is set to
If you are not using high security mode but still want to strip messages from all exceptions except those in your allow list, set this to
By default, the agent records events sent to the Event API via