Secure credentials: Store credentials information for scripted browsers

New Relic Synthetics includes the option to use secure credentials to store critical information, such as passwords, API keys, user names, etc. This prevents the scripted browser's users from viewing, updating, or deleting these values unless they have explicit permissions. These credentials are securely stored using AES-GCM 256-bit encryption at rest with keys managed by Amazon KMS.

Requirements

Before using the secure credentials feature, follow these guidelines.

Secure keys Guidelines
Synthetics monitors

The secure credentials feature is available only for Synthetics scripted browsers and API monitors.

Permissions

Account administrators can control which users can create, view, or delete secure credentials by managing users' Permissions through the Synthetics Permissions page.

Secure credential identification

The secure credential name is the only required field. From the Synthetics Secure credentials page:

  1. Type a user name or other meaningful key name to identify the secure credential, maximum 64 alphanumeric or underscore _ characters.
  2. Optional: Use the Description for additional, more detailed information.
Password or value

From the Synthetics Secure credentials page:

  1. Type or select the password or value information. Use any combination of alphanumeric or special characters as needed, maximum 3000 characters.
  2. Optional: To view the Password/value as you type it, select the field's checkbox.

Use secure credentials

To add, view, edit, or delete a secure credential:

  1. Go to synthetics.newrelic.com > Secure credentials.
  2. Follow the UI instructions to add [plus-circle icon], edit [edit icon], or delete [delete icon] a secure credential, then save any additions or changes you make.
  3. To associate a secure credential with a scripted browser, edit the script.

You can have a maximum of 1,000 secure credentials at any one time.

After you add the secure credential to the script, the Secure credentials user interface will show how many scripted monitors use that credential. This number is approximate and only updates after a monitor with a secure credential has actually been run.

Synthetics: Secure keys 05.25.17
synthetics.newrelic.com > Secure credentials: After you add the secure credential via the Synthetics UI, edit the script for your scripted browser to use it.

Update the script

When using the editor for your scripted browser, follow these guidelines:

Script Guidelines
Format

Anywhere in the script where you reference the secure credential, access it via the reserved New Relic $secure JavaScript object with dot notation. For example, $secure.MY_SECURE_CREDENTIAL. Properties on $secure are not accessible through bracket notation.

Existing credentials

To view or select from a list of available secure credentials in the script editor:

  • Type $secure.

    OR

  • Select from the dropdown in the editor UI.

Validation To validate the secure credential, follow standard procedures to test the script or write an API test.

Any changes to the secure credential's value will automatically take effect across all monitors that use it. You do not need to also update the script.

Exception: If you update the script and jobs are already processing, the secure credential change will not take effect until the next time the job begins.

Security for secure credentials

To ensure the security of your secure credentials, New Relic scrubs the secure value out of all data that goes to results in New Relic Synthetics, New Relic Insights, and New Relic Alerts.

Example

A secure credential is named PASSWORD and the value is Pass123!. New Relic replaces Pass123! with _SECURECREDENTIAL_

For example, a script includes:

  $browser.get("https://example.com/" + $secure.PASSWORD)

The script results will show that New Relic Synthetics went to https://example.com/_SECURECREDENTIAL_, even though it actually went to https://example.com/Pass123!. This ensures the value of the secure credential will not appear in the results.

Redacted info

We currently redact the following from the results of your monitor:

  • The exact values of your secure credentials
  • Any percent-encoded values of your secure credentials

For more help

Recommendations for learning more: