The vault helps you to manage usernames, passwords, certificates and other sensitive information you need as part of your monitor setup. It’s a centralized way to stay organized, and to keep track of the different usernames you’ve set up for your monitors. Furthermore, having a central place to store the usernames/passwords for your monitors allows you to define them just once, and use them in multiple monitors. Any change you make in a username/password combination in the vault will at once be applied to all monitors that use that vault item.
If you have many vault items or sections in your account, you can use the search in the menu to find them by entering (part of) the name.
The vault is a feature that is included in all subscription plans at no additional cost.
What kind of data can be stored in the vault?
The vault supports several types of data, each of which has a particular purpose.
Credential set
A credential set is a username and password combination. You can use them in monitor types that accept a username/password for authentication, such as Basic/NTLM/Digest authentication in Multi-step API monitors, logins in SMTP/POP3/IMAP/SQL/FTP/SFTP, and usernames and passwords used in transaction scripts.
Certificate archive
This type can store a security certificate, in the form of a PKCS #12 certificate archive (usually a .p12 or .pfx file) that contains a certificate’s private key and its public key. Once uploaded, you can use the certificate as a client certificate in Multi-step API monitors.
Certificate public key
This type should be used when you’re setting up Single Sign-on for Uptrends. This vault item type will store the public key that is generated by your Identity Provider (IdP). When your IdP sends SAML login requests to Uptrends, it will sign those requests using a certificate. Uptrends will use the public key you provide to verify that the incoming request is genuinely coming from your IdP.
File
This vault item type can be used to store files, which can then be uploaded as part of a Self-Service transaction monitor flow. For more information on how to set up file uploads in your transactions, visit our documentation on page interactions in transaction monitors. Any file type or extension is supported, and we’ll automatically set the correct MIME-type (a universal way of specifying file nature and format on the internet), if applicable. The maximum file size is 2 MB.
One-time password (OTP) configuration
This vault item type stores a secret value that is used to generate a one-time password code. You can use this vault item as an alternative option to set up an OTP-based two-factor authentication (2FA) to monitor a web application that requires users to enter a code for login verification.
The following fields can be configured based on your preferences:
- Secret encoding method — the encoding used for the secret value. Choose Hex if the secret value you’ve entered is Hex-encoded (consisting of hexadecimal digits 0-9 and A-F). Otherwise, choose the Uptrends default format, Base32, if your secret value is Base32-encoded (using the 32 characters A-Z and 2-7).
- Digits — the length of the generated one-time password code. The code can consist of 6, 7, or 8 digits.
- Expiry time (s) — the duration for which the one-time password remains valid. The expiration time ranges from 1 to 120 seconds.
- Algorithm — the type of Secure Hash Algorithm (SHA) used. Algorithms can be SHA512 (64-byte hash), SHA256 (32-byte hash), or SHA1 (20-byte hash).
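The sketch below is an added example, not Uptrends code: it shows how the four fields above combine into a code, assuming the vault item follows standard time-based OTP (RFC 6238), which the page does not state explicitly. The function names, the 30-second default and the sample secret (the RFC 6238 test key) are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import struct
import time

ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def decode_secret(secret, encoding):
    """Turn the stored secret into raw key bytes ('Secret encoding method')."""
    cleaned = secret.replace(" ", "").upper()
    if encoding == "Hex":
        return bytes.fromhex(cleaned)
    if encoding == "Base32":
        # Secrets are often issued without '=' padding; restore it first.
        return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    raise ValueError("encoding must be 'Hex' or 'Base32'")


def totp(secret, encoding="Base32", digits=6, period=30, algorithm="SHA1", now=None):
    """Compute the code for the time window that contains `now` (Unix seconds)."""
    if digits not in (6, 7, 8):
        raise ValueError("digits must be 6, 7 or 8")
    if not 1 <= period <= 120:
        raise ValueError("expiry time must be between 1 and 120 seconds")
    if algorithm not in ALGORITHMS:
        raise ValueError("algorithm must be SHA1, SHA256 or SHA512")
    key = decode_secret(secret, encoding)
    timestamp = time.time() if now is None else now
    # The moving factor is the number of whole periods since the Unix epoch.
    counter = struct.pack(">Q", int(timestamp) // period)
    digest = hmac.new(key, counter, ALGORITHMS[algorithm]).digest()
    # Dynamic truncation: the low nibble of the last byte selects 4 bytes.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    # Keep the requested number of digits, preserving leading zeros.
    return str(value % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    # Constructed sample: the RFC 6238 test key, Base32-encoded.
    sample = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    print(totp(sample, "Base32", digits=6, period=30, algorithm="SHA1"))
```

If the codes a monitor submits are rejected, comparing them with the output of a reference calculation like this one helps narrow the cause to a mismatch in encoding, digits, expiry time or algorithm between the vault item and the application.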
Is the vault a security feature?
The sensitive data you put in the vault is, as the name suggests, stored securely. The data is encrypted before it is stored, and isn’t decrypted until it is actually needed. In addition, Uptrends ensures that your data is never sent back to your browser. Neither you nor any other operator can retrieve or view your actual secrets as plain text, whether through the Uptrends web application or through the Uptrends API. You’re allowed to add, change or delete your vault items, but never view the content of the secret.
In this way, your sensitive data is protected from potential risks and vulnerabilities. Think about scenarios in which an employee misuses company resources and shares such sensitive information with others, or instances when an employee leaves a company and then commits a breach of confidentiality. Also, imagine cases where you accidentally expose your data through an unintentional screen share in a meeting, or leave your laptop unattended in a public place with sensitive information on display. Those unforeseen events and many more may lead to organizational threats and security risks. Uptrends aims to stay one step ahead and keep your data as secure as possible.
Keep in mind that Uptrends employees can never see your secrets. To find out who can access and manage vault items, see Using sections to manage access to vault items.
Adding a new item to the vault
To access the vault and review its contents, go to Account setup > Vault. You can view and update existing items, and add new items by clicking on the Add vault item button.
When you’re adding a new item to the vault, start by giving it a unique name. Select the appropriate vault item type, and optionally fill in a description if you want to add your own notes.
Depending on the type you selected, fill in the following information:
Credential set
A credential set is defined as a combination of a username and password. Please specify both values.
Certificate archive
If you have a certificate archive file (a .p12 or .pfx file) containing your private and public key, select that file in the Upload new archive field. It’s very likely that the archive file is encrypted; please specify the corresponding password in the password field.
Certificate public key
If you want to add a public key to the vault, you probably already have a public key file (usually a .pem or .cer file). Please copy the contents of that file into the Public key field. It should be Base64 encoded content that can be read as an X.509 certificate.
File
Files can be uploaded by clicking the Choose file button that appears when the File vault item type is selected. The Name and MIME type properties will be automatically filled in. We recommend you give the vault item a suitable name, so that you can easily refer to it when setting up the file upload actions in your transaction or Multi-Step API monitor.
Using sections to manage access to vault items
All items stored in the vault are organized into sections. All accounts start out with one vault section, and each item you store belongs in exactly one section. Since members of the administrators group have exclusive access to all items stored in that default section, all administrators can view and change each vault item.
In some cases, it’s useful to have more control: different operators/groups can have different responsibilities, and it’s generally a good idea to limit access to sensitive data as much as possible.
Limiting vault access to specific people
Access rules for the vault are set at the vault section level: you can change the permissions initially set for the default vault section, and you can create additional vault sections and grant access to specific operator groups and individual operators.
Two access levels are available for vault sections:
- Change vault section: operators/groups who have this access level for a vault section can add and remove vault items to that section, they can update the vault items stored in that section, and manage the access rights for that section.
- View vault section: this access level is needed in order to see the vault items stored in a section, when selecting a vault item for its intended use (as a certificate or credential set in monitor settings, or as a certificate public key in Single Sign-on settings). Important: as soon as a vault item is configured as part of a monitor, edit privileges for that monitor will be restricted to operators who have View rights for the corresponding vault section. Edit privileges will be restricted in order to prevent unauthorized access to the vault item content.
Automating vault item management using the vault API
One of the advantages of setting up a vault item is that any changes to that vault item will be automatically applied to all monitors that use it. This is useful if you want to adopt a password expiry policy for the credentials used in your monitors. Suppose that those credentials expire every x days in your own network environment. All you have to do is change the content of the vault item that holds those credentials in Uptrends: the corresponding monitors will automatically start using the updated credentials.
You can take it a step further by automating the vault item update. You can call the Uptrends Vault API from your own backend to update the credentials in an existing vault item. For more information, please look at the API documentation.