ITRS named a Visionary in the 2024 Gartner® Magic Quadrant™ for Digital Experience Monitoring

The vault helps you to manage usernames, passwords, certificates and other sensitive information you need as part of your monitor setup. It’s a centralized way to stay organized, and to keep track of the different usernames you’ve set up for your monitors. Furthermore, having a central place to store the usernames/passwords for your monitors allows you to define them just once, and use them in multiple monitors. Any change you make in a username/password combination in the vault will at once be applied to all monitors that use that vault item.

If you have many vault items or sections in your account, it is good to know that you can use the search in the menu to find them back by entering (part of) the name.

The vault is a feature that is included in all subscription plans at no additional cost.

A friendly reminder: For safety and best practices, you should use the Uptrends vault solely to manage all your sensitive information in Uptrends. Using this vault as the primary location to store secrets or for general password administration is not advisable.

What kind of data can be stored in the vault?

The vault supports several types of data, each of which has a particular purpose.

Credential set

A credential set is a username and password combination. You can use them in monitor types that accept a username/password for authentication, such as Basic/NTLM/Digest authentication in Multi-step API monitors, logins in SMTP/POP3/IMAP/SQL/FTP/SFTP, and usernames and passwords used in transaction scripts.

Certificate archive

This type can store a security certificate, in the form of a PKCS #12 certificate archive (usually a .p12 or .pfx file) that contains a certificate’s private key and its public key. Once uploaded, you can use the certificate as a client certificate in Multi-step API monitors.

Certificate public key

This type should be used when you’re setting up Single Sign-on for Uptrends. This vault item type will store the public key that is generated by your Identity Provider (IdP). When your IdP sends SAML login requests to Uptrends, it will sign those requests using a certificate. Uptrends will use the public key you provide to verify that the incoming request is genuinely coming from your IdP.

File

This vault item type can be used to store files, which can then be uploaded as part of a Self-Service transaction monitor flow. For more information on how to set up file uploads in your transactions, visit our documentation on page interactions in transaction monitors. Any file type or extension is supported, and we’ll automatically set the correct MIME-type (a universal way of specifying file nature and format on the internet), if applicable. The maximum file size is 2 MB.

One-time password configuration

A set of options with a secret value, which can be used to generate a one-time password code: if you’re looking to monitor a web application that requires regular users to enter a code from a mobile authenticator app when logging in, this vault item can be used as a synthetic substitute. See our article on setting up OTP-based 2FA in transactions for more information.

Is the vault a security feature?

The sensitive data you put in the vault, as the name suggests, is stored securely. The data is encrypted before it is stored, and doesn’t get decrypted until that data is actually needed. That said, Uptrends ensures that your data is never sent back to your browser. You or any other operator cannot retrieve or access your actual secrets as plain text whether through the Uptrends web application or through the Uptrends' API. You’re allowed to add, change or delete your vault items, but never view the content of the secret.

In this way, all your sensitive data are protected from potential risks and vulnerabilities. Think about scenarios wherein an employee misuses company resources and share such sensitive information to others, or instances when an employee leaves a company and then commits a breach of confidentiality. Also, imagine cases where you accidentally expose your data by means of unintentional screen share in a meeting or even left your laptop unattended in a public place, carelessly displaying sensitive information. Those unforeseen events and many more may lead to organizational threats and security risks. Uptrends then ensures that we are one step ahead to make your data secure as much as possible.

Keep in mind that Uptrends employees can never see your secrets. Check out this section to know who can access and manage vault items.

Adding a new item to the vault

To access the vault and review its contents, go to Account setup > Vault. You can view and update existing items, and add new items by clicking on the Add vault item button.

When you’re adding a new item to the vault, start by giving it a unique name. Select the appropriate vault item type, and optionally fill in a description if you want to add your own notes.

Depending on the type you selected, fill in the following information:

Credential set

A credential set is defined as a combination of a username and password. Please specify both values.

Certificate archive

If you have a certificate archive file (a .p12 or .pfx file) containing your private and public key, select that file in the Upload new archive field. It’s very likely that the archive file is encrypted; please specify the corresponding password in the password field.

Certificate public key

If you want to add a public key to the vault, you probably already have a public key file (usually a .pem or .cer file). Please copy the contents of that file into the Public key field. It should be Base64 encoded content that can be read as an X.509 certificate.

File

Files can be uploaded by clicking the Choose file button that appears when the File vault item type is selected. The Name and MIME type properties will be automatically filled in. We recommend you give the vault item a suitable name, so that you can easily refer to it when setting up the file upload actions in your transaction or Multi-Step API monitor.

Using sections to manage access to vault items

All items stored in the vault are organized into sections. All accounts start out with one vault section, and each item you store belongs in exactly one section. Since members of the administrators group have exclusive access to all items stored in that default section, all administrators can view and change each vault item.

In some cases, it’s useful to have more control: different operators/groups can have different responsibilities, and it’s generally a good idea to limit access to sensitive data as much as possible.

Limiting vault access to specific people

Access rules to the vault can be set on vault section level: you can change the permissions initially set for the default vault section, you can create additional vault sections and grant access to specific operator groups and individual operators.

Two access levels are available for vault sections:

  • Change vault section: operators/groups who have this access level for a vault section can add and remove vault items to that section, they can update the vault items stored in that section, and manage the access rights for that section.
  • View vault section: this access level is needed in order to see the vault items stored in a section, when selecting a vault item for its intended use (as a certificate or credential set in monitor settings, or as a certificate public key in Single Sign-on settings). Important: as soon as a vault item is configured as part of a monitor, edit privileges for that monitor will be restricted to operators who have View rights for the corresponding vault section. Edit privileges will be restricted in order to prevent unauthorized access to the vault item content.

Automating vault item management using the vault API

One of the advantages of setting up a vault item is that any changes to that vault item will be automatically applied to all monitors that use it. This is useful if you want to adopt a password expiry policy for the credentials used in your monitors. Suppose that those credentials expire every x days in your own network environment. All you have to do is change the content of the vault item that holds those credentials in Uptrends: the corresponding monitors will automatically start using the updated credentials.

You can take it a step further by automating the vault item update. You can call Uptrends Vault API from your own backend to update the credentials in an existing vault item. For more information, please look at the API documentation.

By using the Uptrends website, you consent to the use of cookies in accordance with our Cookie Policy.