1. Uptime.com
  2. Monitoring Checks
  3. Advanced Checks

Using the Uptime.com Secure Vault

Lucas Lalonde
Updated

At Uptime.com you have the option to securely store and manage credentials such as passwords and certificates using the Secure Vault feature. With the Uptime.com Vault, your credentials are secured using a 256-bit AES-GCM encryption key. The details are not recoverable after encryption. Uptime.com staff do not have access to any credentials in the Secure Vault; they are stored and managed following zero-trust best practices.

Note: Uptime.com Secure Vault is currently in Beta and additional feature functionality will be released over the next few iterations.

Table of Contents

 

Using the Vault

Return

The Vault will allow you to create, edit, and delete credentials and other secrets within Uptime to use them securely in your checks.

Navigate to the Vault by clicking Settings > Secure Vault in the sidebar.

The main Vault table consists of 5 fields: 

  • Name: the name of the credential.
  • Type: the type of credential (username and password, certificate, single secret token, time-based one-time password)
  • Used In: number of checks the credential is used in.
  • Date Created: date the credential was created.
  • Created By: user who created the credential.

Add new Vault Items to store secure credentials by clicking the Add Credentials button in the top right.

When creating a new Vault Item, the following Credential Types are available:

  • Username and Password: A username and password pair, often used as basic authentication for HTTP, API checks, Transaction checks, and Page Speed checks.
  • Certificate: Allows four possible fields for storing credentials:
    • Add Certificate via Text: manually enter or copy and paste the credential into the field.
    • Upload Certificate File: upload a .PEM file to store the credential.
    • Upload Key File (optional): upload a key file to store the credential.
    • Passphrase: manually enter a passphrase for use in a check.
  • Single Secret Token: A single secret token that can be used in your checks.
  • Time-based One-time Password: A Time-Based One-Time Password used to authenticate your checks.

After creating a Vault item, you will be navigated to the main Secure Vault page where you are able to filter the different types of credentials. In addition, on this page if needed, you may delete the credential by using the trash can icon on the main table.


 

 

REST API

Return

Vault Items can be added and edited via the REST API using the credentials endpoint. These endpoints will update the Vault credentials.

The servicevariables endpoint can be used to add and edit the secrets stored in the Vault.

 

Vault Items

Return

Vault Items, also called Service Variables in the Uptime API, are variables that represent credentials that can be used in checks. Secure Vault functionality is currently available for API, HTTP(S), Transaction checks and Page Speed checks.

When creating or editing checks, you can add Vault Items by selecting a Credential from the Vault Items drop down list, which will populate a set of variables based on that credential.

If the Credential has more than one secret field, the Vault Item will have one variable per secret in the credential.

Each Variable is pre-populated with a default variable name, but variable names can be changed to suit your needs or preferences.

Variable names can only contain underscores, numbers, or letters. To save the variable name,  simply enter the name then click away from the input.

To use the variable in checks, surround the variable name with dollar signs ($) and use this combined string when adding the variable to check fields. You can also click the Copy symbol to copy the variable to your clipboard for easy insertion into check fields and to ensure the $ symbols are correctly prepended and appended to the variable.

 

HTTP(S) Checks

Return

Vault Item variables can be added to these fields in HTTP(S) checks under the Validation & Security tab:

  • Username
  • Password
  • HTTP Headers

 

API Checks

Return

Vault Items are functionally identical to the current implementation of variables in our API and Transaction checks, so Vault Items can also be used in API checks. Two common use cases for Vault Items are:

 

  • Vault Items work in all fields in the Authentication and Settings step. 
  • Vault Items also work in the data field for commands, offering another likely use case for credentials.

Other than the use cases above, Vault Items also work in all fields that API variables work in, including but not limited to:

 

  • Basic Username and Password authentication
  • Headers (in both commands and Authentication and Settings step)
  • Validation Fields
  • API Variables

After entering the variable and saving the check or using the “Run Test” feature, the credential will be substituted into the place where the variable is used right before the check is run.

 

Transaction Checks

Return

Vault items can be added to the following fields for the transaction check:

  • Basic Username and Password authentication
  • Headers (Authentication and Settings step)
  • Username and Password Steps
  • TOTP Secret

Note: The Transaction check has the TOTP feature built in already, and using a Vault Item is not a requirement. More information on using the built in TOTP feature of transaction checks can be found here.

The Vault feature is currently unavailable to be used on the Transaction Recorder.

TOTP Secret Flow

To store the TOTP secret from the transaction check you will need to add the Authentication & Settings Command. To use the TOTP secret, view the following example:

  1. Go to the Secure Vault page, and Add a new Vault Item, Select the Time-Based One-Time Password:


     
  2. In the Transaction check, add this credential as a Vault Item variable:

     
  3. In the Authentication & Settings step of the Transaction check, add the variable as a TOTP Secret:

  1. Use the Transaction TOTP functionality as normal.

 

Page Speed Checks

Return

Vault items can be added to the following fields for the Page Speed check:

  • Basic Username and Password authentication
  • Headers (Authentication and Settings step)
  • Username and Password Steps

 

Variable Use Limitations

Return

There are some fields where Vault variables either can’t be used or have no effect:

HTTP(S) Checks

These Fields will not work with Variables in HTTP(S) checks:

  • Status code(s) to expect
  • Proxy URL
  • String to post
  • URL

 

Additional Notes

Return

Private Location Monitoring

Return

Private Location monitoring version 5.0 and above does support Secure Vault functionality. If you have an older version please upgrade your Private Location.

 

Permissions

Return

Administrator and View & Modify users have the ability to view the Vault main table and to view and edit credentials.

View Only users can view the Vault main table and access individual Vault credentials to see a list of checks that use them, including direct links to those checks. However, View Only users cannot add, edit, or view the actual credential values.

 

Future Functionality

Return

We are committed to continuous feature and functionality upgrades to improve the vault.

Stay tuned for future updates and releases.

If you have any questions, please contact support@uptime.com.

Articles in this section

See more
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Have more questions?
Submit a request
Share it, if you like it.