Synthetics Monitoring Security

Synthetics Monitoring Security

This page is about the security of Datadog; if you're looking for the Security Monitoring product, see the Security Monitoring section.

This article is part of a series on data security.

The Synthetic Monitoring product allows you to proactively monitor how your systems and applications are performing using simulated requests and business transactions. Synthetic tests can be initiated from all around the globe, from either managed or private locations.

Encryption in managed locations

Test configurations and variables

  • Transport: Asymmetric encryption - RSA (4096-bit key). All requests are signed using Datadog Signature v1 (based on the same signing process as AWS Signature v4), ensuring both authentication and integrity.
  • Storage: Symmetric encryption - AES-GCM (256-bit key).

Test results

  • Transport: Asymmetric encryption - RSA (4096-bit key). All requests are signed using Datadog Signature v1 (based on the same signing process as AWS Signature v4), ensuring both authentication and integrity.
  • Storage: Sensitive parts (response headers and body) of test results are stored encrypted with an asymmetric encryption - RSA (4096-bit key) and decrypted on-the-fly when test results are fetched.

Artifacts

Artifacts are browser test screenshots, snapshots, errors, and resources.

Encryption in private locations

Private locations credentials

  • Storage: Private locations credentials used to sign test configuration, variables, and test results requests are stored encrypted (symmetric encryption - AES-GCM), with audit logging and access policies.

Test configurations and variables

  • Transport: Asymmetric encryption - RSA (4096-bit key). Communication between private locations and Datadog is secured using Datadog Signature v1 (based on the same signing process as AWS Signature v4), ensuring both authentication and integrity.
  • Storage: Symmetric encryption - AES-GCM (256-bit key).

Test results

  • Transport: Asymmetric encryption - RSA (4096-bit key). Communication between private locations and Datadog is secured using Datadog Signature v1 (based on the same signing process as AWS Signature v4), ensuring both authentication and integrity.

  • Storage: Sensitive parts (by default, response headers and body) of test results are stored encrypted with an asymmetric encryption - RSA (4096-bit key) and decrypted on-the-fly when test results are fetched.

Artifacts

Artifacts are browser test screenshots, snapshots, errors, and resources.

  • Storage: Encryption for AWS.
  • Transport: HTTPS transport between the private location and Datadog (authentication through API key), then from Datadog to storage: encryption in transit using AWS Signature Version 4 for S3.

Further Reading

Additional helpful documentation, links, and articles: