API モニタリング用のクレデンシャル Vault

クレデンシャル Vault は、合成 API モニタリングジョブに使用されるクレデンシャルを安全に保存します。合成スクリプトまたは API モニタリングスクリプトを使用してジョブを作成する場合、ユーザー名やパスワードなどのクレデンシャルを追加してアプリケーションにログインし、保存されたクレデンシャルへの参照をスクリプトに挿入できます。ジョブが実行されると、API モニタリングスクリプトはその参照を使用して、クレデンシャル Vault に保存されたクレデンシャルを取得します。

How to Use Synthetic Credential Vault

Go to > Tools > Manage Synthetic Credentials.
Add a credential in a key-value pair to Synthetic Credential Vault.
Create a synthetic job using a synthetic script.
Inject the credential key into the synthetic script.

注: The job runs and retrieves the credential value associated with the credential key.
The synthetic job runs and retrieves the credential value associated with the credential key.

Add Synthetic Credentials

In Credential Vault, you can add credentials one-by-one or import multiple credentials.

Syntax Rules

This table describes credential syntax rules used for creating credentials and adding credentials to the API monitoring scripts:


Element	Rule
Keys	1-100 characters Alphanumeric characters, hyphens, and underscores only Keys must be unique per EUM account
Values	5000 characters Any non-control, printable UTF-16 characters
Credential key name (used in synthetic scripts)	"<%key%>"

Add a Single Credential

注: If you want to use a combination of credentials, such as a username and password combination, you must create two separate credentials: one credential for the username and one for the password.

To add a single credential for a sample email:

Go to > Tools > Manage Synthetic Credentials.
Click Add.
Enter a key and value. Make sure you follow syntax rules.
(Optional) Select an associated application. When you search for credentials in the API monitoring script, associated credentials are suggested first.

Import Multiple Credentials

You can add multiple credentials at once using the Import button.

To add multiple credentials for sample emails and passwords:

Go to > Tools > Manage Synthetic Credentials.
Click Import.
Copy and paste credentials or type them line by line. Make sure you follow syntax rules.

Note: The maximum number of credentials that can be imported at once is 250.You cannot add associated applications to imported credentials. After importing, you must edit each credential individually to add the associated application.

Example

email_key=user123@email.com
password_key=Password123
email_key=user456@email.com
password_key=Password456

Use Credentials in an API Monitoring Script

You can retrieve a credential value by inserting the corresponding credential key in a script. Credentials associated with a specific application appear first when you start typing the key in the script.

To create an API monitoring job:

Go to User Experience > API Monitoring > Jobs > Add.
Add your API monitoring script. See Write Your First Script.

Enter the credential key using the syntax "<%key%>"

API Monitoring Script

var response = await client.get("https://authenticate-me-api.com", {
headers: {
api_token: <%api_token%>
}
});

Store the Certificate Authority Content in the Synthetic Credential Vault

To store the Certificate Authority (CA) content in the Synthetic Credential Vault:

Override the default trusted CA certificate by using the Advanced HTTPS API of the got client:
1. Configure the certificateAuthority option. This stores the CA certificate .pem file contents in the certificate_authority_pem file.
2. Specify the following string in the script:
```
var response = await client.get("https://authenticate-me-api.com", {
https: {
certificateAuthority: %certificate_authority_pem%
}
});
```
Export the CA certificate of a website or URL. When you export, ensure that you select the root CA. For example, when you export the CA certificate of www.google.com, select GTS Root R1 before exporting.This exports the certificate in the .pem file format.

Update the API monitoring script with the content of the exported .pem file. You must add the \n\ delimiter at the end of each line of the certificate content:

Example CA Certificate

const assert = require("assert");
const cert = '-----BEGIN CERTIFICATE-----\n\
MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\n\
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n\
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n\
QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\n\
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\n\
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n\
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\n\
CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\n\
nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n\
43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\n\
T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\n\
gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\n\
BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\n\
TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\n\
DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\n\
hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n\
06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\n\
PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\n\
YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\n\
CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n\
-----END CERTIFICATE-----';
(async () => {
var response = await client.get("https://synthetic.api.appdynamics.com/version", {
https: {
certificateAuthority: cert
}
});
assert.equal(response.statusCode, 200);
assert.equal(response.statusMessage, "OK");
})()

User Permissions

In the Controller Administration UI, you can configure roles and groups with Account-level. You can add roles and groups to users based on the requirement. The Manage Credential Vault permission allows you to manage access control of the Credential Vault.


Permission	Privileges
Manage Credential Vault	Manage all users Add, edit, and delete credentials View both keys and values of stored credentials View users, timestamps, and associated applications columns
View Credential Vault	View keys of stored credentials View users and timestamps columns
Manage Self Credential Vault	When the administrator assigns this permission to users, they can add, edit, and view the credentials they create. When the administrator sets the synthetic.self.credentialvault.disabled flag to true,users can view the credential value. If it is set to false, Value column is hidden.

To create a role with the Manage Credential Vault:

Go to > Administration > Roles.
Under Roles, click Create.
Add a role name.
Under Account, click Add+.
Select one of the following permissions based on the role that you are creating:
- Manage Credential Vault
- View Credential Vault
Under User and Groups with this Role, add users and/or groups.