If you work with synthetic scripts, you know they often contain sensitive data that must be kept secure and in compliance with your company’s security policies. When you need to change this sensitive data across hundreds of scripts—say, for a periodic company-mandated password update—you’re looking at a lot of potential toil. To address these pain points, we’re excited to announce the general availability of secure credentials in New Relic Synthetics, which allows you to simulate real user flows across your digital assets, monitor site performance, and test your applications globally.
Created based on user feedback, secure credentials lets you make simultaneous changes to multiple sensitive data values across several scripts. Using key-value pairs and heavy encryption to keep your data safe, secure credentials makes it easier to add and change sensitive data across your scripts. And you can trust that New Relic Synthetics is complying with the highest standards of security.
Using secure credentials
Remember those long nights rotating passwords and manually updating dozens or hundreds of synthetics scripts? You shouldn’t have many more of those. Our new secure credentials feature utilizes key-value pairs so you can update your credentials once without having to update each individual script when passwords or other sensitive data changes. When you save your sensitive data in a key-value pair, that pair becomes an object you can reference in any script.
Let’s walk through an example of setting up secure credentials in Synthetics.
Note: You can use secure credentials with scripted browsers or API monitors.
- In Synthetics, select the Secure credentials. If this is your first time creating secure credentials, click Create new secure credential.
- Input your key and its value, and add a description for easy reference. For example, let’s say I have a secure credential with the password value,
Password123, and the key isMATS_PASSWORD.
- After you create the secure credential, open the script you want to use. Click Secure credentials (on the right-hand side of the page) to see a list of credentials you’ve created.
- Insert your secure credential. In the script, highlight the value you want to change and click select the secure credential you want to use. The value in the script will change to
$secure.______with the name of your selected key referenced in the object. In this case, we’ve used$secure.MATS_PASSWORD.
If you want to update pre-existing scripts, the script editor includes find-and-replace functionality. Use CMD+ F on your keyboard, and select the "find and replace" input selector. (See the documentation for more information.)
Keeping your sensitive data secure with the highest encryption standard
You can rely on Synthetics’ secure credentials to keep your sensitive data safe. We use Amazon Key Management Service (KMS) to encrypt key-value pairs and ensure those keys are frequently rotated. We use KMS to create individual encryption keys for every credential stored using AES-GCM 256-bit encryption. Your data is decrypted only at run time when a check needs to be executed by a Synthetics minion.
After you run a script, the Synthetics minion scrubs all persistent data from the collected metrics, and the feedback log references the key-value pair object as _SECURECREDENTIAL_, meaning the object is removed at the end of each run. By identifying the sensitive data point as a key that can be referenced and inputting it into the script as an object, secure credentials ensures that we don't accidentally capture and persistently store your sensitive user data. If you use secure credentials with Synthetics’ fine-grained permissions, we can ensure that only users allowed to access sensitive data have access to it, and that the data is secure in the creation and running of a script.
Embrace the ease and security
As of today, secure credentials is available to all New Relic Synthetics users. We're confident you'll enjoy a reduction in toil when it comes to managing sensitive data in Synthetics. Rotating passwords and updating scripts doesn't have to be an hours-long manual process—with secure credentials you simply make one change, and automatically switch credential values across all your scripts. It’s just another way New Relic is continually working to deliver ease of use along with the highest level of trust.
The views expressed on this blog are those of the author and do not necessarily reflect the views of New Relic. Any solutions offered by the author are environment-specific and not part of the commercial solutions or support offered by New Relic. Please join us exclusively at the Explorers Hub (discuss.newrelic.com) for questions and support related to this blog post. This blog may contain links to content on third-party sites. By providing such links, New Relic does not adopt, guarantee, approve or endorse the information, views or products available on such sites.
