Nurbak Feature
Store API keys and tokens with AES-256-GCM encryption and AWS KMS hardware security modules. Zero plaintext storage.
Encrypted API credential storage protects your authentication secrets with dual-layer encryption so Nurbak can monitor authenticated endpoints without exposing your keys. Credentials are encrypted at the application layer using AES-256-GCM, and the encryption keys themselves are managed by AWS KMS hardware security modules. Nurbak supports five authentication types including API Key, Bearer Token, Basic Auth, OAuth 2.0, and Custom Headers. Your credentials are never stored in plaintext and exist only in memory during the brief health check execution window.
Choose your authentication type and enter your credentials. They are encrypted immediately using AES-256-GCM before being stored.
The encrypted credentials are stored in the database. The encryption keys are managed by AWS KMS hardware security modules, adding a second layer of protection.
During each health check, credentials are decrypted into memory, used for the API request, and immediately discarded. They never exist in plaintext on disk.
Industry-standard authenticated encryption protects your credentials at the application layer, ensuring both confidentiality and integrity of stored secrets.
Encryption keys are managed by AWS Key Management Service hardware security modules, providing an additional layer of protection and key rotation capabilities.
Monitor authenticated APIs using API Key, Bearer Token, Basic Auth, OAuth 2.0, or Custom Headers. Each type is fully supported with proper credential handling.
Credentials are encrypted before they reach the database and are never written to disk in plaintext. Your secrets remain protected at every stage of the storage lifecycle.
Every access to encryption keys is logged through AWS CloudTrail, providing a complete audit trail of when and how your credentials were accessed.
Credentials are decrypted exclusively in memory during health check execution. Once the check completes, the plaintext is immediately discarded from memory.
Your credentials are protected with dual-layer encryption. First, they are encrypted at the application layer using AES-256-GCM, an industry-standard authenticated encryption algorithm. Second, the encryption keys are managed by AWS KMS hardware security modules. Credentials are never stored in plaintext and only exist in memory during the brief moment they are needed for a health check request.
Nurbak supports five authentication types for monitoring protected APIs. These are API Key (sent as a header or query parameter), Bearer Token (OAuth-style authorization header), Basic Auth (username and password), OAuth 2.0 (client credentials flow), and Custom Headers (any key-value header pair you need to send with requests).
Yes. Every time an encryption key is used to decrypt credentials for a health check, the access is logged through AWS CloudTrail. This gives you a complete audit trail showing exactly when your credentials were accessed, from which service, and for what purpose. You can review these logs to verify that access patterns match your expected monitoring schedule.
Free during beta. No credit card required.
No spam. Unsubscribe anytime.
