New Relic Synthetics includes the option to use secure credentials to store critical information, such as passwords, API keys, user names, etc. This prevents the scripted browser's users from viewing, updating, or deleting these values unless they have explicit permissions. These credentials are securely stored using AES-GCM 256-bit encryption at rest with keys managed by Amazon KMS.
Before using the secure credentials feature, follow these guidelines.
The secure credentials feature is available only for Synthetics scripted browsers and API monitors.
Account administrators can control which users can
|Secure credential identification||
The secure credential name is the only required field. From the Synthetics Secure credentials page:
|Password or value||
From the Synthetics Secure credentials page:
Use secure credentials
To add, view, edit, or delete a secure credential:
- Go to synthetics.newrelic.com > Secure credentials.
- Follow the UI instructions to add [plus-circle icon], edit [edit icon], or delete [delete icon] a secure credential, then save any additions or changes you make.
- To associate a secure credential with a scripted browser, edit the script.
You can have a maximum of 1,000 secure credentials at any one time.
After you add the secure credential to the script, the Secure credentials user interface will show how many scripted monitors use that credential. This number is approximate and only updates after a monitor with a secure credential has actually been run.
Update the script
When using the editor for your scripted browser, follow these guidelines:
Anywhere in the script where you reference the secure credential, access it via the reserved New Relic
To view or select from a list of available secure credentials in the script editor:
|Validation||To validate the secure credential, follow standard procedures to test the script or write an API test.|
Any changes to the secure credential's value will automatically take effect across all monitors that use it. You do not need to also update the script.
Exception: If you update the script and jobs are already processing, the secure credential change will not take effect until the next time the job begins.
Security for secure credentials
To ensure the security of your secure credentials, New Relic scrubs the secure value out of all data that goes to results in New Relic Synthetics, New Relic Insights, and New Relic Alerts.
A secure credential is named
PASSWORD and the value is
Pass123!. New Relic replaces
For example, a script includes:
$browser.get("https://example.com/" + $secure.PASSWORD)
The script results will show that New Relic Synthetics went to
https://example.com/_SECURECREDENTIAL_, even though it actually went to
https://example.com/Pass123!. This ensures the value of the secure credential will not appear in the results.
We currently redact the following from the results of your monitor:
- The exact values of your secure credentials
- Any percent-encoded values of your secure credentials