Obfuscation rules let you mask sensitive data before the agent transmits it to New Relic. Each rule is a regex pattern paired with a replacement string. The agent applies rules in order to every string attribute value in every outgoing event — including QoE events and crash-recovered events.
Configuration
Objective-C
NRVAVideoConfiguration *config = [[[[NRVAVideoConfiguration builder] withApplicationToken:@"YOUR_NEW_RELIC_TOKEN"] withObfuscationRules:@[ @{ @"regex": @"account-\\d+", @"replacement": @"ACCOUNT_ID" }, @{ @"regex": @"token=[^&\"]+", @"replacement": @"token=REDACTED" }, ]] build];[[[NRVAVideo newBuilder] withConfiguration:config] build];Swift
let config = NRVAVideoConfiguration.builder() .withApplicationToken("YOUR_NEW_RELIC_TOKEN") .withObfuscationRules([ ["regex": "account-\\d+", "replacement": "ACCOUNT_ID"], ["regex": "token=[^&\"]+", "replacement": "token=REDACTED"], ]) .build()NRVAVideo.newBuilder().with(configuration: config).build()How it works
- The agent applies rules per string attribute value, not to the raw JSON payload — numeric and boolean attributes aren't affected.
- All rules run against every outgoing event, including regular, live, QoE, and crash-recovered events.
- Rules run in the order you declare them. If two rules can match the same value, order matters.
- The agent never obfuscates the
applicationTokenor HTTP auth headers — obfuscation only applies to event attribute values.
Edge cases
| Scenario | Behavior |
|---|---|
| No rules configured | The agent passes all attribute values through unchanged with no performance impact. |
| Empty replacement string | The agent removes the matched content from the value. |
| Invalid regex pattern | withObfuscationRules: throws NSInvalidArgumentException at configuration time, before any events are sent. |
| Non-string attribute value | The agent skips the attribute. Only string values are processed. |
| Malformed rules array entry | The agent skips any entry that isn't a dictionary and writes a warning to the log. |
applicationToken and HTTP auth headers | These are never included in event attributes and aren't affected by obfuscation rules. |
| Rule ordering | Rules run in the order they're declared in the array. |
| Catastrophic backtracking | NSRegularExpression has no built-in timeout on iOS. Avoid patterns with unbounded nested quantifiers (for example, (a+)+). Test rules against worst-case inputs before deploying. |