Integrating Credential Vault with ThousandEyes

In modern distributed environments, the challenge of operationalizing monitoring tools often hits a friction point: the secure handling of credentials. As engineering teams scale their synthetic testing, the reliance on static, long-term stored credentials creates significant security and compliance overhead. Today, we are excited to announce the release of Cisco ThousandEyes’ Credential Vault Integration, a new integration capability that enables dynamic, real-time credential retrieval within the Cisco ThousandEyes platform.

The Challenge: Balancing Operational Velocity with Security 

Until now, integrating Cisco ThousandEyes into highly regulated environments often required managing credentials directly within our platform. For many of our enterprise customers, this created a compliance bottleneck. From an engineering perspective, we needed a solution that would allow for: 

• Zero Persistence: Designed to eliminate the storage of sensitive credentials or passwords within the ThousandEyes infrastructure. 

• Dynamic Lifecycle Management: Supporting short-lived and rotating secrets that align with modern CI/CD and security best practices. 

• Centralized Governance: Helping to ensure that secret management remains within the customer’s internal environment, providing a single source of truth for auditability. 

The Technical Approach

Our first available credential vault integration is with CyberArk® Secrets Manager, Self-Hosted via a RESTful API-based solution. By moving away from static repositories, we enable the platform to perform real-time credential fetching during test execution.

When a test is triggered, the Enterprise Agent running in the customer environment makes a secure, authenticated call to the vault using the Vault Accessor module (te-vault-accessor). The credential is fetched in real time, used for the test, and is not passed through or stored in the Cisco ThousandEyes cloud infrastructure. The Vault Accessor module runs on Enterprise Agents and can be enabled per agent from the Agent Advanced Settings (Note: Cloud Agents do not support this integration). This does not allow sensitive data to persist at rest within our infrastructure. Furthermore, the integration supports per-test credential scoping, allowing teams to apply granular access controls for different monitoring workflows. 

Security-by-Design 

By offloading secret management to a dedicated vault, we align with the "Security-by-Design" principle. This integration allows our customers to: 

1. Reduce Exposure: Credentials exist only in memory during the execution phase. 

2. Streamline Compliance: Centralized secret management simplifies audit trails and lifecycle control. 

3. Minimize Operational Overhead: By automating the retrieval process, we reduce the manual intervention and human error associated with static credential updates. 

Looking Ahead 

This release is a foundational step in our commitment to secure, scalable monitoring.

For teams looking to operationalize Cisco ThousandEyes more broadly across their workflows, this integration provides the security posture necessary to move from siloed testing to a fully integrated, enterprise-grade assurance strategy. 

About Cisco 

Cisco (NASDAQ: CSCO) is the worldwide technology leader that securely connects everything to make anything possible. Our purpose is to power an inclusive future for all by helping our customers reimagine their applications, power hybrid work, secure their enterprise, transform their infrastructure, and meet their sustainability goals. Discover more on The Newsroom and follow us on X at @Cisco. 

CyberArk and Secrets Manager are trademarks or registered trademarks of CyberArk Software Ltd. in the United States and other countries.