What's New
Product Documentation

Working with Secure Credentials

Transaction script workflows may require authentication to secure resources. To facilitate these scenarios, you can store and access login credentials, while keeping secure strings, such as passwords, hidden.

Managing Credentials

To manage login credentials, go to Cloud & Enterprise Agents > Test Settings > Credentials Repository tab.

  • To add a credential, click Add New Credential (1).

  • To delete a credential, hover over it in the list and click the trash icon (2). Then confirm that you want to delete this credential.

  • To edit a credential, click its row in the list.

The credentials you list here are available for use in transaction tests within the current account group, and do not extend to the entire organization that the account group is part of.

To view saved credentials, your account must have the View sensitive data in web transaction scripts permission. However, if you lack this permission, you can still update the credential. For more on account permissions, see Working with Account Settings.

Using Credentials

To use credentials from this repository in a transaction test, you must first enable them in the test's settings.

To enable the credentials, go to Cloud & Enterprise Agents > Test Settings > Tests tab. Click the key icon and check the box next to your credential to enable it, as shown below:

In your transaction script, credential entries are accessed with the function credentials.get('credentialName'). In practice, you might use this within a typeText() function like so:

await typeText(credentials.get('myPassword'), By.id('passwordId'));

Disallowing Access to the Credentials Repository

You can disallow all users, regardless of their permissions, from accessing transaction test credentials after they have been entered into the Credentials Repository. By default, these users include those with the Organization Admin or Account Admin roles, but may also include users with custom role definitions.

To disallow user credential access via the Web or API, users with the Edit security & authentication settings permission (i.e., the Organization Admin user role) can navigate to Account Settings > Organization Settings > Security and Authentication > Credentials Repository and toggle Disable global credential retrieval to override the View sensitive data in web transaction scripts permission setting. This action also prevents ThousandEyes support personnel from accessing user credentials. Changes to the Disable global credential retrieval setting are logged under Account Settings > Activity Log.

Best Practices

Keep in mind the following guidelines when you use credentials in your transaction tests:

  • Create a user with minimal permissions, dedicated only to transaction tests. This avoids potential interference caused by simultaneous logins.

  • Give each credential entry a descriptive name for easy recognition. Even if the number of users editing transactions tests is quite small, it can be key to the clarity of your scripts to have clear, organized credentials.

  • For added security, consider also saving username strings to the credentials repository.

Related Information

This article is part of the Transaction Scripting Guide.

If you have any questions, contact the ThousandEyes Customer Engineering team.