Our Multi-Step API monitor type allows you to set up a sequence of HTTP requests to your API, each using one or more pieces of data retrieved from a previous request. In some cases, such requests may involve the sending of sensitive data. For example, if your API requires authenticated access, you may have to send a set of credentials in order to authenticate before you can proceed.
Previously, that would be set up by adding the required sensitive data as predefined variables and then marking those variables as sensitive. However, as of this release we’ll be working towards removing the sensitive marking from predefined variables, and will instead be moving to vault support for our Multi-Step API monitors.
When setting up sensitive predefined variables, you will now have the option to refer to credential sets stored in the vault. Such credential sets can consist of a username and a password (although those are both optional).
Existing sensitive values will remain for the time being, but at some point in the following few weeks, we will be converting those sensitive values to vault items. This means any sensitive predefined variables you have set up will be replaced automatically by vault item references, and this conversion will require no action on your part.
When displaying the data sent in the monitor log, the username will remain visible as plain text, but the password value will be shown as asterisks. It should be noted that this change is not retroactive, meaning existing Multi-Step API monitor log data will not be sanitized. However, due to the 90-day data retention limit on individual monitor checks, such monitor log entries will disappear over time.