If you work with synthetic scripts, you know they often contain sensitive data that must be kept secure and in compliance with your company’s security policies. When you need to change this sensitive data across hundreds of scripts—say, for a periodic company-mandated password update—you’re looking at a lot of potential toil. To address these pain points, we’re excited to announce the general availability of secure credentials in New Relic Synthetics, which allows you to simulate real user flows across your digital assets, monitor site performance, and test your applications globally.
Created based on user feedback, secure credentials lets you make simultaneous changes to multiple sensitive data values across several scripts. Using key-value pairs and heavy encryption to keep your data safe, secure credentials makes it easier to add and change sensitive data across your scripts. And you can trust that New Relic Synthetics is complying with the highest standards of security.
Using secure credentials
Remember those long nights rotating passwords and manually updating dozens or hundreds of synthetics scripts? You shouldn’t have many more of those. Our new secure credentials feature utilizes key-value pairs so you can update your credentials once without having to update each individual script when passwords or other sensitive data changes. When you save your sensitive data in a key-value pair, that pair becomes an object you can reference in any script.
Let’s walk through an example of setting up secure credentials in Synthetics.
Note: You can use secure credentials with scripted browsers or API monitors.
- In Synthetics, select the Secure credentials. If this is your first time creating secure credentials, click Create new secure credential.
- Input your key and its value, and add a description for easy reference. For example, let’s say I have a secure credential with the password value,
Password123
, and the key isMATS_PASSWORD
. - After you create the secure credential, open the script you want to use. Click Secure credentials (on the right-hand side of the page) to see a list of credentials you’ve created.
- Insert your secure credential. In the script, highlight the value you want to change and click select the secure credential you want to use. The value in the script will change to
$secure.______
with the name of your selected key referenced in the object. In this case, we’ve used$secure.MATS_PASSWORD
.
If you want to update pre-existing scripts, the script editor includes find-and-replace functionality. Use CMD+ F on your keyboard, and select the "find and replace" input selector. (See the documentation for more information.)
Keeping your sensitive data secure with the highest encryption standard
You can rely on Synthetics’ secure credentials to keep your sensitive data safe. We use Amazon Key Management Service (KMS) to encrypt key-value pairs and ensure those keys are frequently rotated. We use KMS to create individual encryption keys for every credential stored using AES-GCM 256-bit encryption. Your data is decrypted only at run time when a check needs to be executed by a Synthetics minion.
After you run a script, the Synthetics minion scrubs all persistent data from the collected metrics, and the feedback log references the key-value pair object as _SECURECREDENTIAL_
, meaning the object is removed at the end of each run. By identifying the sensitive data point as a key that can be referenced and inputting it into the script as an object, secure credentials ensures that we don't accidentally capture and persistently store your sensitive user data. If you use secure credentials with Synthetics’ fine-grained permissions, we can ensure that only users allowed to access sensitive data have access to it, and that the data is secure in the creation and running of a script.
Embrace the ease and security
As of today, secure credentials is available to all New Relic Synthetics users. We're confident you'll enjoy a reduction in toil when it comes to managing sensitive data in Synthetics. Rotating passwords and updating scripts doesn't have to be an hours-long manual process—with secure credentials you simply make one change, and automatically switch credential values across all your scripts. It’s just another way New Relic is continually working to deliver ease of use along with the highest level of trust.
이 블로그에 표현된 견해는 저자의 견해이며 반드시 New Relic의 견해를 반영하는 것은 아닙니다. 저자가 제공하는 모든 솔루션은 환경에 따라 다르며 New Relic에서 제공하는 상용 솔루션이나 지원의 일부가 아닙니다. 이 블로그 게시물과 관련된 질문 및 지원이 필요한 경우 Explorers Hub(discuss.newrelic.com)에서만 참여하십시오. 이 블로그에는 타사 사이트의 콘텐츠에 대한 링크가 포함될 수 있습니다. 이러한 링크를 제공함으로써 New Relic은 해당 사이트에서 사용할 수 있는 정보, 보기 또는 제품을 채택, 보증, 승인 또는 보증하지 않습니다.