ITRS named a Visionary in the 2024 Gartner® Magic Quadrant™ for Digital Experience Monitoring

  1. Support
  2. Knowledge base
  3. Uptrends account
  4. Vault

Vault

The Uptrends Vault is a centralized storage that helps you manage your usernames, passwords, certificates, and other sensitive information as part of your monitor setup.

This feature allows you to store your credentials as Vault items and use them on multiple monitors. If, for example, you need to use a username and password combination for both Multi-Step API (MSA) and Transaction monitors, you can define these as vault items and apply them on both monitors. If any changes are made to your vault items, the Vault will automatically apply these changes to all monitors using the vault item. This way, you can easily organize and keep track of your data all in one place.

The Vault is included in all subscription plans at no additional cost.

A friendly reminder: For safety and best practices, you should use the Uptrends vault solely to manage all your sensitive information in Uptrends. Using this vault as the primary location to store secrets or for general password administration is not advisable.

Features of the Vault

The Vault offers a variety of features to store your information securely. These features include defining your Vault items, grouping each vault item using Vault section, and controlling access rights using Permissions.

To access the Vault, go to Account setup > Vault to easily view and access the vault features.

Vault sections

All items stored in the vault are organized into Vault sections. These serve as the main container or parent of your vault items. By default, all Uptrends accounts start with one vault section, and each vault item you store must belong to exactly one section.

Note that members of the Administrators group have exclusive access to all items stored in the default section; all Administrators can then view and change each vault item.

To create a new Vault section:

  1. In the right corner of your screen, click the Add vault section button.
  2. In the Section details, specify the vault section Name. It is recommended to give a name that clearly defines the purpose and items stored.
  3. Click Save to confirm the changes.

Once created, you can now add Vault items and grant Vault Permissions .

To delete a Vault section:

  1. Click the Delete this Vault Section button.
  2. In the Confirmation popup, click Delete to confirm changes.

Vault item types

Once you have your vault section, you can now categorize and add your vault items.

To add a Vault item,

  1. In the right corner of your screen, click the Add vault item button.
  2. In the Main tab, fill out the Details section accordingly:
  • Name — specify a unique name for the vault item.
  • Section — choose from the existing Vault sections in the dropdown list.
  • Description — provide any description or additional notes about the vault item type.
  • Type — choose from the different vault item types available in the dropdown list. The Vault supports several types of data that you can store for a particular purpose. The following are the vault item types available:

Credential set

This value item type is defined as a username and password combination. You can use them in monitor types that accept a username or password for authentication, such as basic, NTLM, and digest authentication in multi-step API monitors, logins in SMTP, POP3, IMAP, SQL, FTP, and SFTP, and usernames and passwords used in transaction scripts.

Certificate archive

This value item type can store a security certificate, in the form of a PKCS #12 certificate archive (usually a .p12 or .pfx file) that contains a certificate’s private key and its public key. Once uploaded, you can use the certificate as a client certificate in Multi-step API monitors.

If you have a certificate archive file (a .p12 or .pfx file) containing your private and public key, select that file in the Upload new archive field. The archive file is encrypted in most cases, so you need to specify the corresponding password in the Archive password field.

Certificate public key

This value item type should be used when you’re setting up Single Sign-on for Uptrends. This vault item type will store the public key that is generated by your Identity Provider (IdP). When your IdP sends SAML login requests to Uptrends, it will sign those requests using a certificate. Uptrends will use the public key you provided to verify that the incoming request is genuinely coming from your IdP.

If you want to add a public key to the vault, you probably already have a public key file (usually a .pem or .cer file). Copy the contents of the file, which should be Base64-encoded content that can be read as an X.509 certificate, into the Public key field.

File

This vault item type can be used to store files, which can then be uploaded as part of a Self-Service transaction monitor flow. For more information on how to set up file uploads in your transactions, visit our documentation on page interactions in transaction monitors. Any file type or extension is supported, and we’ll automatically set the correct MIME-type (a universal way of specifying file nature and format on the internet), if applicable. The maximum file size is 2 MB.

Files can be uploaded by clicking the Choose file button that appears when the File vault item type is selected. The name and MIME type properties will be automatically filled in. We recommend you give the vault item a suitable name, so that you can easily refer to it when setting up the file upload actions in your transaction or Multi-Step API monitor .

One-time password (OTP) or time-based one-time password (TOTP) configuration

This vault item type stores a secret value that is used to generate a one-time password code. You can use this vault item as an alternative option to set up an OTP-based two-factor authentication (2FA) to monitor a web application that requires users to enter a code for login verification.

The following fields can be configured based on your preferences:

  • Secret encoding method — the type of encoding method used for the secret values. Choose Hex if the secret value you’ve entered is Hex-encoded (consisting of Hexadecimal digits ranging from 0—9 and A—F). Otherwise, choose the Uptrends default format, Base32, if your secret value is Base-32 encoded (containing 32 characters ranging from A—Z and 2—7).
  • Digits — the length of the generated one-time password code. The code can consist of 6, 7, or 8 digits.
  • Expiry time (s) — the duration for which the one-time password remains valid. The expiration time ranges from 1 to 120 seconds.
  • Algorithm — the type of Secure Hash algorithm (SHA) used. Algorithms can be SHA512 (64-byte hash), SHA256 (32-byte hash), or SHA1 (20-byte hash).

Vault Permissions

Limiting vault access to specific people

In some cases, it’s useful to have more control: different operators/groups can have different responsibilities, and it’s generally a good idea to limit access to sensitive data as much as possible.

Access rules to the vault can be set on vault section level: you can change the permissions initially set for the default vault section, you can create additional vault sections and grant access to specific operator groups and individual operators.

Two access levels are available for vault sections:

  • Full control: operators/groups who have this access level for a vault section can add and remove vault items to that section, they can update the vault items stored in that section, and manage the access rights for that section.
  • View only: this access level is needed in order to see the vault items stored in a section, when selecting a vault item for its intended use (as a certificate or credential set in monitor settings, or as a certificate public key in Single Sign-on settings). Important: as soon as a vault item is configured as part of a monitor, edit privileges for that monitor will be restricted to operators who have view rights for the corresponding vault section. Edit privileges will be restricted in order to prevent unauthorized access to the vault item content.

Vault API item management

One of the advantages of setting up a vault item is that any changes to that vault item will be automatically applied to all monitors that use it. This is useful if you want to adopt a password expiry policy for the credentials used in your monitors. Suppose that those credentials expire every x days in your own network environment. All you have to do is change the content of the vault item that holds those credentials in Uptrends: the corresponding monitors will automatically start using the updated credentials.

You can take it a step further by automating the vault item update. You can call Uptrends Vault API from your own backend to update the credentials in an existing vault item. For more information, please look at the API documentation .

By using the Uptrends website, you consent to the use of cookies in accordance with our Cookie Policy.