How do you all handle allowing users to update their own credentials used by synthetics? Or is there any good way? The below is noted in a document. We will not be giving out that env-level permission for obvious reasons, so how can we let our users manage their credentials and update the password?
Also, is there no way to update the owner of a credential? We have an API call to update a credential but I don't see the owner as being an option. If I add in the owner, the call works fine with a 204 but the owner doesn't actually get updated.
From Dynatrace document:
To view and write to the credential vault, a user must have the Change monitoring settings environment-level permission.
If you do not have this permission:
You cannot access the credential vault from global settings.
You cannot create a credential (as shown below) when creating/editing a browser monitor in script or UI mode.
I thought the owner was changed when the credential was updated? That's also what the docs suggest. Have you tried this, or are you using the same user that created the credential to update it?
There are several product ideas in this area. I wondered if this one might be what you are looking for. If so, can you add a comment for the Product Manager to see more information on your use case?
Also, are you already storing the credentials in another vault? If so, you could use the new External Vault integration feature. I would only use this if your credentials change relatively often, as it's a higher cost, but if your users already have the permissions you want on another vault then this might be helpful.
The fact that the owner is kept as the person updating it is the problem here. We don't give out any API tokens to non-Dynatrace admins, so it's only my team that can update the token through an API call. What I'm trying to do is update the credentials that have my team members as the owner, to be the correct owner (someone responsible for the synthetic). The reason why we are the owner is because we were initially creating the synthetic, but my team is getting away from that and leaving it up to app teams to do it themselves.
We don't store the credentials in another vault but I will probably look at that in the near future. The product idea you linked seems to be exactly what we are looking for. Thank you!
I do face the same challenge here with my clients; that's why I have opened the Idea Hannah mentioned.
The problem with the API is that the users are not able to create tokens with the proper permission, and if we do create one for them, the token would be ours, and so would the vaults once edited. You cannot change the vault owner through an API, since the vault would be owned by the last person who edited it.
External Vault integration is a really good feature; we just need to start adding more vendors/products or make it agnostic.