For an even better experience than plugins, go to:
- newrelic.com/integrations: Integrate the on-host and cloud systems you already use with New Relic, so you can filter and analyze data, create dashboards, and set alerts within a single platform.
- developer.newrelic.com: Use developer tools to collect data from any source, automate workflows, build apps, and use our APIs.
As of December 2, 2020, plugin access has been limited to accounts that have accessed a legacy plugin in the past 30 days. The legacy plugin experience will reach end of life (EoL) as of June 16, 2021. For more information, see our Explorers Hub post.
New Relic's Plugins tool been designed to be open and extensible, so that any New Relic user, developer, technology vendor, or partner may publish publicly accessible plugins within Plugin Central. Anyone who has a New Relic account can install and use these plugins through their New Relic user interface. Exception: Plugins in Plugin Central are not supported with accounts that host data in the EU region data center.
Having an open community where users both create and consume plugins can raise questions surrounding security. This document intends to address any security considerations for using these plugins. For more information about New Relic's security measures, see our security and data privacy documentation, or visit the New Relic security website.
For some plugins, New Relic, Inc. is the publisher, and will be clearly identified as the publisher. However, as an open resource, many plugins are created by our partners and third-party developers. Every plugin in the Plugin Central directory clearly identifies whether it was published by a New Relic developer or by a third party.
We require plugin publishers to provide an About link to their website, documentation about what the plugin is for and how to use it, and a link to obtain support when using the plugin. We also require plugin publishers to review and accept the Developer Terms of Service Agreement before they can make their plugin publicly accessible. You can review all information provided by the publisher before installing any plugin.
If you have any concerns about plugins developed with the SDKs for plugins, you can review the source code and verify that the plugin agents behave as expected. The plugin agent's code is light, and it can be reviewed in minutes.
Always keep your New Relic license key private. Typically access to your license key is needed only to record metric data or deployments for your applications, hosts, or plugins that are monitored by New Relic, not to introduce new data or code. No other access is allowed.
When developing a plugin agent, authors and publishers need to consider the environment in which they will be run. You should do everything possible to reduce the level of permissions your plugin users need to grant to the agent in order for it to run correctly. In particular:
- Unless it is absolutely necessary, do not require
sudopermissions in order to install your agent or support software on your users' computers. In this situation, the requirements should be limited in scope and well-documented. For additional information about access rights for plugin users, see the documentation about installing a plugin.
- When running your agent on the users' computers, do not require
- The components (instances) your plugin agent is monitoring should only need to grant read-only permissions in order for your agent to perform its actions.
- As much as possible, the components (instances) your plugin agent is monitoring should be able to reduce the levels of information and access needed.
- When documenting your plugin, describe what level of permissions your plugin agent requires from the components (instances) it is monitoring and why this is necessary.
Following these steps will make it easier for your plugin users to install your agent and increase their confidence that your agent cannot harm their components or instances being monitored. This will also reduce the likelihood of user problems if your agent has any serious bugs or other defects.
Plugins only need access to their monitored systems and New Relic simply to report metrics. You may want to consider running plugin agents in sequestered systems with limited network access that allow no more than the minimum required network access. Also, data retention for plugins follows New Relic's standard policies.
If you have any concerns about deploying any plugin from Plugin Central, follow your organization's guidelines. If for any reason you do not trust the source of an existing plugin, try creating your own version.