Using the Uptime.com Secure Vault

At Uptime.com you have the option to securely store and manage credentials such as passwords and certificates using the Secure Vault feature. With the Uptime.com Vault, your credentials are secured using a 256-bit AES-GCM encryption key. The details are not recoverable after encryption. Uptime.com staff do not have access to any credentials in the Secure Vault; they are stored and managed following zero-trust best practices.

Note: Uptime.com Secure Vault is currently in Beta and additional feature functionality will be released over the next few iterations.

Table of Contents

 

Using the Vault

The Vault will allow you to create, edit, and delete credentials and other secrets within Uptime to use them securely in your checks.

Navigate to the Vault by clicking Secure Vault in the sidebar.

Note: Vault is currently only available in the next-generation UI. Navigating to this page within the legacy web application will direct the browser to Secure Vault in the next-gen web app.

The main Vault table consists of 5 fields: 

      • Credential Name: the name of the credential.
      • Credential Type: the type of credential (single token, certificate, username/password, etc.)
      • Used In: number of checks the credential is used in.
      • Date Created: date the credential was created.
      • Created By: user who created the credential.

Add new Vault Items to store secure credentials by clicking the Add New button in the top right.

When creating a new Vault Item, the following Credential Types are available:

      • Username and Password: A username and password pair, often used as basic authentication for HTTP, API checks, Transaction checks, and Page Speed checks.
      • Certificate: Allows four possible fields for storing credentials:
        • Add Certificate via Text: manually enter or copy and paste the credential into the field.
        • Upload Certificate File: upload a .PEM file to store the credential.
        • Upload Key File (optional): upload a key file to store the credential.
        • Passphrase: manually enter a passphrase for use in a check.
      • Single Secret Token: A single secret token that can be used in your checks.

Once a Credential has been added, it can be deleted using the trash can icon on the main table.  

 

Vault Items

Vault Items, also called Service Variables in the Uptime API, are variables that represent credentials that can be used in checks. Secure Vault functionality is currently available for API and HTTP(S) checks.

When creating or editing checks, you can add Vault Items by selecting a Credential from the Vault Items drop down list, which will populate a set of variables based on that credential.

If the Credential has more than one secret field, the Vault Item will have one variable per secret in the credential.

Each Variable is pre-populated with a variable name, but variable names can be changed to suit your needs or preferences.

Variable names can only contain underscores, numbers, or letters. To save the variable name,  simply enter the name then click away from the input.

To use the variable in checks, surround the variable name with dollar signs ($) and use this combined string when adding the variable to check fields. You can also click the Copy copy_secret.png symbol to copy the variable to your clipboard for easy insertion into check fields and to ensure the $ symbols are correctly prepended and appended to the variable.

 

Check Fields

HTTP(S) Checks

Vault Item variables can be added to these fields in HTTP(S) checks:

      • Username
      • Password
      • HTTP Headers

 

API Checks

Vault Items are functionally identical to the current implementation of variables in our API and Transaction checks, so Vault Items can also be used in API checks. Two common use cases for Vault Items are:

      • Vault Items work in all fields in the Authentication and Settings step. 
      • Vault Items also work in the data field for commands, offering another likely use case for credentials.

Other than the use cases above, Vault Items also work in all fields that API variables work in, including but not limited to:

      • Basic Username and Password authentication
      • Headers (in both commands and Authentication and Settings step)
      • Validation Fields
      • API Variables

After entering the variable and saving the check or using the “Run Test” feature, the credential will be substituted into the place where the variable is used right before the check is run.

 

Transaction Checks

Vault items can be added to the following fields for the transaction check:

  • Basic Username and Password authentication
  • Headers (Authentication and Settings step)
  • Username and Password Steps

unnamed (7).png

unnamed (8).png

 

Page Speed Checks

Vault items can be added to the following fields for the Page Speed check:

  • Basic Username and Password authentication
  • Headers (Authentication and Settings step)
  • Username and Password Steps

 

REST API

Vault Items can be added and edited via the REST API using the credentials endpoint. These endpoints will update the Vault credentials.

The servicevariables endpoint can be used to add and edit the secrets stored in the Vault.

 

Variable Use Limitations

There are some fields where Vault variables either can’t be used or have no effect:

HTTP(S) Checks

These Fields will not work with Variables in HTTP(S) checks:

      • Status code(s) to expect
      • Proxy URL
      • String to post
      • URL

 

Additional Notes

Private Location Monitoring

Private Location monitoring currently does not support Secure Vault functionality.

 

Permissions

Administrator and View & Modify users have the ability to view the Vault main table and to view and edit credentials.

View Only users can view the Vault main table, but cannot add, edit, or view credentials.



Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Have more questions?
Submit a request
Share it, if you like it.