Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[8.10](backport #3691) Clarify synthetics params / secrets docs #3697

Merged
merged 1 commit into from
Mar 21, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 11 additions & 4 deletions docs/en/observability/synthetics-params-secrets.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,12 @@
[[synthetics-params-secrets]]
= Work with params and secrets

Params allow you to use dynamically defined values, including sensitive information, in your
synthetic monitors. For example, you may want to test a production website with a particular
Params allow you to use dynamically defined values in your synthetic monitors.
For example, you may want to test a production website with a particular
demo account whose password is only known to the team managing the synthetic monitors.

For more information about security-sensitive use cases, refer to the <<synthetics-secrets-sensitive, documentation about sensitive values>>.

[discrete]
[[synthetics-params-secrets-define]]
= Define params
Expand Down Expand Up @@ -148,11 +150,16 @@ Your synthetics scripts may require the use of passwords or other sensitive secr

[WARNING]
====
Because synthetics scripts have no limitations, a malicious script author could write a
synthetics journey that exfiltrates `params` and other data at runtime.
Params are viewable in plain-text by administrators and other users with `all` privileges for
the Synthetics app.
Also note that synthetics scripts have no limitations on accessing these values, and a malicious script author could write a
synthetics journey that exfiltrates `params` and other data at runtime.
Do *not* to use truly sensitive passwords (for example, an admin password or a real credit card)
in *any* synthetics tools.
Instead, set up limited demo accounts, or fake credit cards with limited functionality.
If you want to limit access to parameters, ensure that users who are not supposed to access those values
do not have `all` privileges for the Synthetics app, and that any scripts that use those values
do not leak them in network requests or screenshots.
====

If you are managing monitors with projects, you can use environment variables
Expand Down
Loading