The Python agent default security settings automatically provide security for your data to ensure data privacy and to limit the kind of information we ingest. You may have business reasons to change these settings.
If you want to restrict the information that we ingest you can enable high-security mode. If high-security mode or the default settings do not work for your business needs, you can apply custom settings.
For more information about security measures, see our security and privacy documentation, or visit the New Relic security website.
Default security settings
By default, here is how the Python agent handles the following potentially sensitive data:
- Request parameters: The agent does not capture HTTP request parameters.
- SQL: The agent sets SQL recording to
obfuscated
, which removes the potentially sensitive numeric and string literal values.
High-security mode settings
When you enable high-security mode, the default settings are locked so that users cannot change them. In addition:
- The agent does not collect message queue parameters.
- You cannot create custom events.
- The agent strips exception messages from errors.
Custom security settings
Cuidado
If you customize security settings, it may impact the security of your application.
If you need different security settings than default or high-security mode, you can customize these settings:
Dica
Some of these settings can be changed using environment variables. See Python agent environment variables for the complete list.
Setting | Effects on data security |
---|---|
string | Default: (none) If you use this to set the name of the audit log file, the agent will log details of messages passed back and forth between the monitored process and the data collector. You can then evaluate the information that the agent sends to the collector to see if it includes sensitive information. |
boolean | Default: To enable high-security mode, set this to |
string | Default: (none) Some proxies default to using HTTP, which is a less secure protocol. |
boolean | Default: By default, you are sending attributes. If you do not want to send attributes, set this to |
string | Default: (none) If there are specific attribute keys that you do not want to send in transaction traces, identify them using Consider if you want to exclude these potentially sensitive attributes using
|
boolean | Default: By default, the agent records events sent to the Event API via |
string | Default: By default,
|
boolean | Default: If you enable high-security mode, this is automatically set to |