Store secure credentials for scripted browsers and API tests

You can use secure credentials with synthetic monitoring to store critical information, such as passwords, API keys, usernames, etc. This prevents scripted monitor users from viewing, updating, or deleting these values unless they have explicit permissions in New Relic. The credentials are securely stored using AES-GCM 256-bit encryption at rest with keys managed by Amazon AWS Key Management Service (KMS).

You can set secure credentials in New Relic One or with the API.

Requirements and limits

Before using secure credentials, review these requirements and guidelines:

Secure credentials Comments
Applicable monitors

The secure credentials feature is available only for synthetic scripted browsers and API test monitors.

Permissions

Account administrators can control which users can create, view, or delete secure credentials by managing users' permissions.

Limit

You can have a maximum of 1,000 secure credentials.

Add or update secure credentials

You can add or update secure credentials using the UI or the Synthetics REST API.

To add, view, edit, or delete a secure credential for a scripted browser or API test monitor from the UI:

  1. Go to one.newrelic.com > Synthetics > Secure credentials.
  2. Follow the UI instructions to add, edit, or delete a secure credential, then save any additions or changes you make.
    • Tips for creating the Key: choose a username or other meaningful key name to identify the secure credential. Use alphanumeric or underscore _ characters.
    • Tips for creating the Value: Use any combination of alphanumeric or special characters. 3000 characters maximum. This field is not accessible via the API.
  3. Associate the secure credential with a scripted browser or API test by editing the script.

After you add the secure credential to the script, the Secure credentials user interface shows how many scripted monitors use that credential. This number is approximate and only updates after a monitor with a secure credential has actually been run.

Update the script

When using the Synthetics UI editor to create scripted browsers or API test monitors, follow these guidelines:

Script Guidelines
Format

Anywhere in the script where you reference the secure credential, it is accessed via the reserved New Relic $secure JavaScript object with dot notation. For example, $secure.MY_SECURE_CREDENTIAL. Properties on $secure are not accessible through bracket notation.

Existing credentials

To view or select from a list of available secure credentials:

  • Type $secure.

    OR

  • Select from the dropdown in the editor UI.

Validation To validate the secure credential, follow standard procedures to test the script or write an API test.

Any changes to the secure credential's value will automatically take effect across all monitors that use it. You do not need to also update the script.

Exception: If you update the script and jobs are already processing, the secure credential change will not take effect until the next time the job begins.

Security for secure credentials

To ensure the security of your secure credentials, New Relic scrubs the secure value out of all data that goes to results in synthetic monitoring data and alerts. New Relic employees cannot access secure credential values and must be added to the account to be able to view secure credentials.

Example

A secure credential is named PASSWORD and the value is Pass123!. New Relic replaces Pass123! with _SECURECREDENTIAL_

For example, a script includes:

  $browser.get("https://example.com/" + $secure.PASSWORD)

The script results will show that New Relic Synthetics went to https://example.com/_SECURECREDENTIAL_, even though it actually went to https://example.com/Pass123!. This ensures the value of the secure credential will not appear in the results.

Redacted information

We currently redact the following from the results of your monitor:

  • The exact values of your secure credentials
  • Any percent-encoded values of your secure credentials

For more help

If you need more help, check out these support and learning resources: