NREUM script exposes License Key in source code. Is it fine?

While checking the source code, the NREUM script exposes License Key including other information in srouce code.

"licenseKey": "abcd1234efgh",
            "applicationID": "90239209",
            "transactionName": "dw4PQEZdVVhVRh0OWVkETl1aVlxM",

I am wondering if it is fine or whether I need to be concerned and fix this? How?
The documentation says…

Under most circumstances, you should never need to change your New Relic license key. If your license key has been compromised, get support at support.newrelic.com

Not sure what to do?

Hey there @bedoni, great question!

Those values indeed are exposed when the Browser agent is instrumented on a webpage, but there shouldn’t be any concern about security - the below applied to both the browser license key and the account license key:

  • No one with your license key can see or make changes to your account settings, personal information, or payment methods
  • No one with your license key can see or make changes to your data

Even though these values are here, it doesn’t put your account or your data at risk. The only potential impact to data could be if someone copied the entire script off your page and ran it somewhere else(commonly happens if your public page gets scraped). If this happens, you can use Domain Conditions to control what data sources can report to your app.

Let us know if you have any questions about this or if you see anything in your data that you’d like to bring to our attention!

2 Likes