Credential Vault securely stores the credentials used in Synthetic API monitoring jobs. When you create a job with a synthetic script or API monitoring script, you can add a credential, such as a username and password, to log in to an application and inject a reference to the stored credential into the script. When the job runs, the API monitoring script uses that reference to retrieve the credentials stored in the Credential Vault.

How to Use Synthetic Credential Vault

1. Go to  > Tools > Manage Synthetic Credentials. 

2. Add a credential in a key-value pair to Synthetic Credential Vault. 

3. Create a synthetic job using a synthetic script. 

4. Inject the credential key into the synthetic script.

   The job runs and retrieves the credential value associated with the credential key.

5. The synthetic job runs and retrieves the credential value associated with the credential key. 

Add Synthetic Credentials

In Credential Vault, you can add credentials one-by-one or import multiple credentials.

Syntax Rules

This table describes credential syntax rules used for creating credentials and adding credentials to the API monitoring scripts:

"<%key%>"

Add a Single Credential

To add a single credential for a sample email:

1. Go to  > Tools > Manage Synthetic Credentials.

2. Click Add. 

3. Enter a key and value. Make sure you follow syntax rules. 

4. (Optional) Select an associated application. When you search for credentials in the API monitoring script, associated credentials are suggested first. 
   

Import Multiple Credentials

You can add multiple credentials at once using the Import button.

To add multiple credentials for sample emails and passwords:

1. Go to  > Tools > Manage Synthetic Credentials.

2. Click Import.

3. Copy and paste credentials or type them line by line. Make sure you follow syntax rules. 

email_key=user123@email.com
password_key=Password123
email_key=user456@email.com
password_key=Password456

Use Credentials in an API Monitoring Script

You can retrieve a credential value by inserting the corresponding credential key in a script. Credentials associated with a specific application appear first when you start typing the key in the script.

To create an API monitoring job:

1. Go to User Experience > API Monitoring > Jobs > Add. 
2. Add your API monitoring script. See Write Your First Script.

3. Enter the credential key using the syntax "<%key%>".

   var response = await client.get("https://authenticate-me-api.com", { headers: { api_token: <%api_token%> } });

Store the Certificate Authority Content in the Synthetic Credential Vault

To store the Certificate Authority (CA) content in the Synthetic Credential Vault:

1. Override the default trusted CA certificate by using the Advanced HTTPS API of the got client:
   1. Configure the certificateAuthority option. This stores the CA certificate .pem file contents in the certificate_authority_pem file.

   2. Specify the following string in the script:

      var response = await client.get("https://authenticate-me-api.com", { https: { certificateAuthority: %certificate_authority_pem% } });

2. Export the CA certificate of a website or URL. 
   When you export, ensure that you select the root CA. For example, when you export the CA certificate of www.google.com, select GTS Root R1 before exporting.
   
   This exports the certificate in the .pem file format.
3. Update the API monitoring script with the content of the exported .pem file. You must add the \n\ delimiter at the end of each line of the certificate content: 
   

   const assert = require("assert"); const cert = '-----BEGIN CERTIFICATE-----\n\ MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\n\ MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n\ d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n\ QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\n\ MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\n\ b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n\ 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\n\ CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\n\ nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n\ 43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\n\ T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\n\ gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\n\ BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\n\ TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\n\ DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\n\ hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n\ 06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\n\ PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\n\ YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\n\ CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n\ -----END CERTIFICATE-----'; (async () => { var response = await client.get("https://synthetic.api.appdynamics.com/version", { https: { certificateAuthority: cert } }); assert.equal(response.statusCode, 200); assert.equal(response.statusMessage, "OK"); })()

User Permissions

In the Controller Administration UI, you can configure roles and groups with Account-level. You can add roles and groups to users based on the requirement. The Manage Credential Vault permission allows you to manage access control of the Credential Vault.

To create a role with the Manage Credential Vault:

1. Go to  > Administration > Roles.
2. Under Roles, click Create.
3. Add a role name.
4. Under Account, click Add+.
5. Select one of the following permissions based on the role that you are creating:
   • Manage Credential Vault
   • View Credential Vault
6. Under User and Groups with this Role, add users and/or groups.