To prevent others from using your private minions or synthetic job managers to assign scripted browsers, API tests, or step monitors, add verified script execution. Then, any changes to your minions or synthetics job managers will require a passphrase that is known only to you.
The private locations list in New Relic's UI includes a VSE column. A lock icon indicates that verified script execution has been set up for that location.
Passphrase security
Be sure to safeguard your private minion's passphrase. No other users on your account can view it, and it is never stored in New Relic's collector.
Important
This restriction includes New Relic support personnel. Because our collector never stores your passphrase, our support team cannot recover or reset your passphrase for you. If you forget your passphrase, you will need to change it in the minion Overview page, and then update each monitor assigned to that private location.
Enable verified script execution
Do the following to enable verified script execution for containerized private minions. Be sure to record your passphrase in a secure place.
Go to one.newrelic.com > Synthetic monitoring > Private locations > (select a private location). Select the private location's ellipses icon, and click Edit. Enable verified script execution, and then save.
Set the passphrase in your Docker or Kubernetes environment for either the containerized private minion or synthetics job manager:
Docker:
Add the
MINION_VSE_PASSPHRASE
environment variable to the Dockerrun
command used to start your private minion:docker run \--name YOUR_CONTAINER_NAME \-e MINION_PRIVATE_LOCATION_KEY="YOUR_PRIVATE_LOCATION_KEY" \-e MINION_VSE_PASSPHRASE="YOUR_PASSPHRASE" \-v /tmp:/tmp:rw \-v /var/run/docker.sock:/var/run/docker.sock:rw \-d \--restart unless-stopped \quay.io/newrelic/synthetics-minion:latestAdd the
VSE_PASSPHRASE
environment variable to the Dockerrun
command used to start your synthetics job manager:docker run \--name YOUR_CONTAINER_NAME \-e "PRIVATE_LOCATION_KEY=YOUR_PRIVATE_LOCATION_KEY" \-e VSE_PASSPHRASE="YOUR_PASSPHRASE" \-v /var/run/docker.sock:/var/run/docker.sock:rw \-d \--restart unless-stopped \newrelic/synthetics-job-manager:latestKubernetes:
Set the
synthetics.minionVsePassphrase
value in the Helminstall
orupgrade
command:helm install YOUR_CPM_NAME YOUR_REPO_NAME/synthetics-minion -n YOUR_NAMESPACE --set synthetics.privateLocationKey=YOUR_PRIVATE_LOCATION_KEY --set synthetics.minionVsePassphrase=YOUR_PASSPHRASESet the
synthetics.vsePassphrase
value in the Helminstall
orupgrade
command:helm install YOUR_JOB_MANAGER_NAME YOUR_REPO_NAME/synthetics-job-manager -n YOUR_NAMESPACE --set synthetics.privateLocationKey=YOUR_PRIVATE_LOCATION_KEY --set synthetics.vsePassphrase=YOUR_PASSPHRASE
From the Synthetics UI, select a monitor assigned to that location. Then select Settings > General.
From the list of private locations, select your location, type your passphrase, and save. Be sure to record your passphrase in a secure place.
Repeat steps 3 and 4 for each monitor you want to assign to your location.
Change your passphrase
To change your passphrase, do the following. Be sure to record your passphrase in a secure place.
Update the passphrase in your Docker or Kubernetes environment for either the containerized private minion or synthetics job manager:
Docker:
Stop your current minion. Then use the Docker
run
command to start a new minion with your updatedMINION_VSE_PASSPHRASE
environment variable:docker run \--name YOUR_CONTAINER_NAME \-e MINION_PRIVATE_LOCATION_KEY="YOUR_PRIVATE_LOCATION_KEY" \-e MINION_VSE_PASSPHRASE="YOUR_PASSPHRASE" \-v /tmp:/tmp:rw \-v /var/run/docker.sock:/var/run/docker.sock:rw \-d \--restart unless-stopped \quay.io/newrelic/synthetics-minion:latestStop your current synthetics job manager. Then use the Docker
run
command to start a new synthetics job manager with your updatedVSE_PASSPHRASE
environment variable:docker run \--name YOUR_CONTAINER_NAME \-e "PRIVATE_LOCATION_KEY=YOUR_PRIVATE_LOCATION_KEY" \-e VSE_PASSPHRASE="YOUR_PASSPHRASE" \-v /var/run/docker.sock:/var/run/docker.sock:rw \-d \--restart unless-stopped \newrelic/synthetics-job-manager:latestKubernetes:
Use the Helm
upgrade
command to set your updatedsynthetics.minionVsePassphrase
value:helm upgrade YOUR_CPM_NAME YOUR_REPO_NAME/synthetics-minion -n YOUR_NAMESPACE --set synthetics.privateLocationKey=YOUR_PRIVATE_LOCATION_KEY --set synthetics.minionVsePassphrase=YOUR_PASSPHRASEUse the Helm
upgrade
command to set your updatedsynthetics.vsePassphrase
value:helm install YOUR_JOB_MANAGER_NAME YOUR_REPO_NAME/synthetics-job-manager -n YOUR_NAMESPACE --set synthetics.privateLocationKey=YOUR_PRIVATE_LOCATION_KEY --set synthetics.vsePassphrase=YOUR_PASSPHRASE
Go to one.newrelic.com > Synthetic monitoring > (click the assigned monitor) > Settings > General.
From the list of private locations, select your location, type your new passphrase, and save.
Repeat steps 2 and 3 for each monitor assigned to your location.
Disable verified script execution
To disable verified script execution for containerized private minions:
Remove the passphrase in your Docker or Kubernetes environment:
Docker:
Stop your current minion container. Then use the Docker
run
command to start a new minion without theMINION_VSE_PASSPHRASE
environment variable:docker run \--name YOUR_CONTAINER_NAME \-e "MINION_PRIVATE_LOCATION_KEY=YOUR_PRIVATE_LOCATION_KEY" \-v /tmp:/tmp:rw \-v /var/run/docker.sock:/var/run/docker.sock:rw \-d \--restart unless-stopped \quay.io/newrelic/synthetics-minion:latestStop your current synthetics job manager container. Then use the Docker
run
command to start a new minion without theVSE_PASSPHRASE
environment variable:docker run \--name YOUR_CONTAINER_NAME \-e "PRIVATE_LOCATION_KEY=YOUR_PRIVATE_LOCATION_KEY" \-e VSE_PASSPHRASE="YOUR_PASSPHRASE" \-v /var/run/docker.sock:/var/run/docker.sock:rw \-d \--restart unless-stopped \newrelic/synthetics-job-manager:latestKubernetes:
Use the Helm
upgrade
command without the--set synthetics.minionVsePassphrase
value:helm upgrade YOUR_CPM_NAME YOUR_REPO_NAME/synthetics-minion -n YOUR_NAMESPACE --set synthetics.privateLocationKey=YOUR_PRIVATE_LOCATION_KEYUse the Helm
upgrade
command without the--set synthetics.vsePassphrase
value:helm install YOUR_JOB_MANAGER_NAME YOUR_REPO_NAME/synthetics-job-manager -n YOUR_NAMESPACE --set synthetics.privateLocationKey=YOUR_PRIVATE_LOCATION_KEY
Go to one.newrelic.com > Synthetic monitoring > Private locations (select a private location). Clear the Enable verified script execution checkbox, then save.
Other (legacy)
If you are not using containerized private minions, do the following to enable verified script execution. Be sure to record your passphrase in a secure place.
- In your web browser, navigate to the minion Overview page at
https://MINION_IP_ADDRESS
(for example,https://1.2.3.4
). - Select the pencil icon, then select Advanced settings (optional).
- Select the Verified script execution checkbox. Type a passphrase, then save. Record your passphrase in a secure place.
- Go to one.newrelic.com > Synthetic monitoring > Private locations (select a private location). Select the private location's ellipses icon, and click Edit. Enable verified script execution, then save.
- From the Synthetics UI, select a monitor assigned to that location. Then select Settings > General.
- From the list of private locations, select your location, type your passphrase, and save.
- Repeat steps 4 through 6 for each monitor you want to assign to your location.
To change your passphrase or disable verified script execution, follow the same basic process to go to your minion's IP address and update its Advanced settings. Then go to one.newrelic.com to complete the process.