Synthetics Encryption and Security

edit

[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

Elastic Synthetics was designed with security in mind encrypting both persisted and transmitted data. This page catalogs the points within Elastic Synthetics where data is either stored or transmitted in an encrypted fashion.

Synthetics UI
edit

Data is stored in Kibana Secure Saved Objects, with sensitive fields encrypted. These fields include your script source, params, and global params.

Synthetics Service
edit

The Global Elastic Synthetics Service performs all communication of sensitive data (both internally, and with Kibana) over encrypted connections and encrypts all data persisted to disk as well.

Synthetics Private Locations
edit

In Kibana configuration for private locations is stored in two places, Synthetics saved objects which always encrypt sensitive fields using Kibana Secure Saved Objects and also in Fleet, which uses unencrypted saved objects restricted by user permissions. For Elastic Cloud customers all data is secured on disk regardless of whether additional saved object encryption is present. See our Cloud Security Statement for more information. We recommend that self-managed customers encrypt disks for their Elasticsearch instances if this is a concern.

All data is encrypted in transit. See Elastic Agent configuration encryption for more details.