Obfuscation rules let you mask sensitive data before the agent transmits it to New Relic. Each rule is a regex pattern paired with a replacement string. The agent applies rules in order to every string attribute value in every outgoing event — including QoE events and crash-recovered events.
How it works
- You define a list of
ObfuscationRuleobjects, each with a regex pattern and a replacement string. - Pass the list to
.withObfuscationRules()on the config builder. - Just before each HTTP transmission,
ObfuscationEngineiterates every string attribute of every event in the batch and applies the rules in order. - Only string values are processed — integers, longs, booleans, and nulls are passed through unchanged.
- The original event objects are never mutated, so failed batches can be retried cleanly without double-obfuscation.
Configuration
import com.newrelic.videoagent.core.ObfuscationRule;import java.util.Arrays;import java.util.List;
// Define rules — each rule is a regex pattern and a replacement string.// Rules are applied in order on every string attribute of every outgoing event.List<ObfuscationRule> obfuscationRules = Arrays.asList( // Mask account IDs: "account-83729" → "ACCOUNT_ID" new ObfuscationRule("account-\\d+", "ACCOUNT_ID"),
// Mask auth tokens: "token=abc123xyz" → "token=REDACTED" new ObfuscationRule("token=[^&\"]+", "token=REDACTED"),
// Mask user path segments: "/users/john_doe" → "/users/USER_ID" new ObfuscationRule("/users/[^\"/]+", "/users/USER_ID"));
NRVideoConfiguration config = new NRVideoConfiguration.Builder("application-token") .autoDetectPlatform(getApplicationContext()) .withHarvestCycle(5 * 60) .withObfuscationRules(obfuscationRules) .build();
NRVideo.newBuilder(getApplicationContext()).withConfiguration(config).build();ObfuscationRule constructor
new ObfuscationRule(String pattern, String replacement)Parameter | Type | Description |
|---|---|---|
|
| A Java regex pattern string. Compiled eagerly — an invalid pattern throws |
|
| The string to substitute for each match. Use |
obfuscationRules configuration parameter
A list of ObfuscationRule objects applied to every string attribute of every outgoing event immediately before HTTP transmission. Rules run in the order they are declared — the output of one rule feeds into the next. Default: empty list (no obfuscation).
Common patterns
What to mask | Pattern | Replacement |
|---|---|---|
Numeric account IDs |
|
|
Auth / bearer tokens |
|
|
User path segments |
|
|
Email addresses |
|
|
UUIDs |
|
|
Rule ordering
Rules are applied left-to-right. The output of rule N becomes the input of rule N+1. Order matters when one rule's replacement could match a later rule's pattern.
// Rule 1 turns "/john" into "/USER", then Rule 2 sees "/USER_profile" and masks it.new ObfuscationRule("john", "USER"),new ObfuscationRule("USER_profile", "PROFILE")// Result: "/john_profile" → "/USER_profile" → "/PROFILE"Edge cases
Situation | Behaviour |
|---|---|
No rules configured | No-op — zero overhead, original list returned as-is. |
Pattern matches nothing | Value is passed through unchanged. |
Empty replacement | Matched content is deleted. |
| Treated as plain characters (not regex back-references). |
Integer / Long / Boolean value | Skipped — only |
| Skipped — no NullPointerException. |
Invalid regex pattern |
|
|
|
HTTP send fails → dead-letter retry | Original (unobfuscated) events are retried; obfuscation is re-applied correctly on the retry pass. |