New Relic APM's configurable security policies gives you granular control over configuration options related to your account's data security. This document explains how to enable account-wide security policies and the options available.
APM's configurable security policies is available in limited release for approved New Relic accounts.
APM agent versions that support this feature include:
- C SDK: not available
- Go: 2.1 or higher
- Java: 4.1 or higher
- .NET: 8.1 or higher
- Node.js: 4.1 or higher
- PHP: 8.1 or higher
- Python: not available
- Ruby: 5.2 or higher
Security policies apply account-wide. Once enabled, they can only be edited or disabled with the help of New Relic support.
If high security mode is enabled for the account(s), do not disable it. Account-level high security mode differs from your APM agent's high security mode, which is set in the configuration file.
High security mode and configurable security policies do not apply to Lambda monitoring or use of the New Relic Event API.
For the limited release, there is no UI component.
If you are participating in the limited release, follow this procedure to set up your accounts:
- Choose the accounts or sub-accounts on which to enable configurable security policies.
- Choose the configurable security policies options that you want for those accounts.
- Inform your New Relic sales rep of the options that you have chosen.
- Ensure your agent versions support this feature. Update agents if necessary.
- When you receive the security token based on the security policies options that you chose, insert the security token into the agent configuration file(s). See examples.
- Delete the high security mode enabled flag from your config file(s).
High security mode (HSM) at the agent level is different than high security mode at the account level. Be sure to disable HSM in the agent's config file, as explained in this procedure. Having both the security token and the HSM flag will result in the agent disconnecting.
Here are some example configuration examples for enabling the configurable security policies:
Here are the settings you can choose when creating your policies. Some of these options will not be available for some agents.
Database query collection
Go, Java, .NET, Node.js, Ruby only
Raw exception messages
Custom instrumentation editor
Java and Ruby only
For more information about configuration file settings, refer to your specific agent's documentation.
If you are a New Relic customer and interested in the limited release of configurable security policies, contact your New Relic sales rep.