Credentials in Qntrl | Qntrl | Bridge | Online Help

Credentials

The Credential module provides a streamlined solution for storing and managing authentication credentials for databases, remote machines, and application servers. Organizations dealing with multiple databases or APIs often face repetitive credential entry, raising concerns about security and password exposure.

To address these concerns, the Credentials module serves as a centralized repository within a bridge, specifically designed for storing authentication data like usernames and passwords. This ensures that when a task is executed through the bridge, the required credentials can be easily accessed and utilized from the Credential module without any manual effort or intervention.

Users have the flexibility to create and store credentials within their Qntrl cloud account or on-premise system via the Bridge agent, based on organizational preferences.

Benefits of Credentials 

Enhanced Security: Credentials ensure security by minimizing the risk of exposing sensitive information like passwords and API keys during authentication, and only allowing authorized entities to use the resources.
 
Convenient Access: Credentials eliminate the need to enter usernames and passwords manually. By referencing the credential name, accessing required resources becomes quick and effortless.
 
Access ControlBy utilizing credentials, administrators can grant specific privileges to users or applications, thereby ensuring that they are restricted to accessing only the essential functionalities.
 
Centralized Management: Having all credentials stored in one central location simplifies credential management and allows for easy updates or modifications when required.
 
Auditing and Accountability: Unique credentials for each user/app simplify tracking, audits, and identifying suspicious activities or security breaches.

 

Encryption and Decryption 

Credential information is securely stored in an encrypted format, ensuring that once entered, it remains inaccessible. The provided data is encrypted both ways during transmission using TLS and at rest using 256-bit AES encryption.  
  1. Basic - Password encrypted
  2. API Key  - Token encrypted
  3. JDBC Credential Type - Password encrypted
  4. SSH Credential Type - Password encrypted
  5. PowerShell Credential Type - Password encrypted
  6. AD Credential Type - Password encrypted
  7. NTLM - Password encrypted

Permission settings 

Accessing and utilizing the credentials requires permission, as only users with the appropriate authorization can employ the credentials to execute a message. By default, the user who created the credential can use it. For other users, access to credentials must be enabled in their Profiles section for them to use the credentials.

Supported Credential Types

Bridge offers several types of credentials to enable secure access to different services and resources. Each credential type serves specific purposes and has its own set of parameters. 

Basic

Basic credentials are used to authenticate SOAP requests by passing a username and password. Basic credentials created here can be used in Bridge when making SOAP calls

Fields:
  • Username/Password: The account username and password that will be used to authenticate SOAP requests.


API Key

An API key is a unique code used to identify the application or user making an API request. Based on the scope defined while generating an API Key, it grants access to APIs for data retrieval, updates, or specific actions. API credentials created here can be utilized in Bridge, Circuit, API LookUp fields, and Webhooks

Fields:
  1. Token: The token generated in the service where the API request is intended to be sent. 
  • Header: Name of the HTTP header that carries the API token or other authentication information. Common header names for API tokens include:
    • Authorization
    • API-Key
    • Bearer
  • Parameter: Names of the query parameters or request body parameters used to pass the API token during an API request. 


JDBC

JDBC credentials provide access to a database connection. JDBC Credentials created here can be used in Bridge, Circuit, and DB LookUp fields


Fields:
  1. Username/Password: The username and password associated with the database account you want to use.

OAuth 2.0

In Qntrl, a Connection, can be created and used in Deluge integration tasks or custom functions, to enable users to interact with their chosen service. Connection is based on OAuth 2.0 and acts as a way of login to a service. This type of credential can store the details of a connection, to facilitate the execution of webhooks of any application.

Fields:
  • OAuth Connection: Link Name of an existing Connection.


SSH

SSH credentials are used to connect UNIX and Linux devices securely and execute commands over the Secure Shell (SSH) protocol. SSH Credentials created here are used in Bridge and Circuit

Fields:
  • Username/Password: The username and password of the target machine where the shell script is intended to be executed.


Powershell

The credentials of this type are used to connect with Windows machine and execute PowerShell commands securely. PowerShell credentials created here are used in Bridge and Circuit. 

Fields:
  1. Username/Password: The username and password of the target machine where the PowerShell script is intended to be executed.

Active Directory  

These credentials are used for authenticating and accessing resources within an Active Directory (AD) environment. AD Credentials created here are used in Bridge and Circuit.


Fields:
  • User DN: Distinguished Name of the Active Directory.

  • Password: Password of the Active Directory.


NTLM

NTLM (NT LAN Manager) credentials are used for Windows-specific authentication in SOAP requests. NTLM credentials created here can be used in Bridge to connect to SOAP services that require Windows-based authentication. 

Fields:
  • Username/Password: The Windows account username and password used for authentication.
  • Domain: The domain associated with the Windows account.
  • Hostname: The hostname of the Windows machine.

Create a credential   

  To create a new credential:
  1. Click the settings gear icon at the left pane.

  2. Navigate to Advanced >> Bridge, then select Credentials.

  1. Click the New Credential button.

  2. Fill in the new credential details: The fields displayed will vary depending on the credential type you choose.
    1. NameProvide a unique name to identify the credential.
    2. TypeChoose the type of credential.
      1. Basic - Provide the user name and password.
      2. API Key - Mention the API token, then select whether to append it as a Parameter or Header, and specify the name. 
      3. JDBC - For the JDBC Credential type, the username and password need to be provided.
      4. OAuth 2.0 - Select the existing DRE connections.
      5. SSH - Provide the username and password of the machine where the Shell script has to be executed.
      6. Powershell - Provide the username and password of the machine where the Powershell script will be executed.
      7. Active Directory - Specify the User DN and Password of the Active Directory.
      8. NTLMProvide the username, password, domain, and hostname.
    1. Access TypeChoose how the credential should be stored.
      1. NativeCredentials are stored securely in the Qntrl database.
      2. BridgeCredentials are stored locally in your Bridge installation, ensuring they never leave your environment for higher security.
  1. Click Save.

 


Edit a Credential   

To update the details of an existing credential:

  1. Navigate to(settings) >> Advanced >> Bridge, then select Credentials.

  2. Select the credential you want to edit by clicking on its name.

  3. In the opened credential page, make modifications and click Save. 


Delete a Credential   

To delete an existing credential:

  1. Navigate to(settings) >> Advanced >> Bridge >> select Credentials.

  2. Hover over the name of the credential you want to delete, click the action menu, and select Delete.

  3. Confirm your delete action.

 


    • Related Articles

    • Bridge agent settings

      Once the Bridge agent is set up, you can log in to the bridge agent to view and modify the allowed configuration as needed. To do this: In Qntrl, navigate to (settings) >> Advanced >> Bridge, then select your bridge. Hover your cursor over the bridge ...
    • Active Directory(AD)

      Active Directory (AD) is a service developed by Microsoft that provides a centralized way to manage all your network machines, users, and resources in one place. Active Directory stores data as Objects, which include users, groups, applications, and ...
    • Zoho Directory in Qntrl

      What is Active Directory? Active Directory (AD) by Microsoft is a domain management system for centralized networks. Using AD, you can add users, define their privilege, store and manage information, and authorize and authenticate user accounts. What ...
    • Security Controls

      Data Encryption In Qntrl All the sensitive data is encrypted and stored in the Qntrl database. Sensitive data: Task payload, response Credentials Tokens used to connect with the Bridge AES algorithm is used to encrypt the data at rest. Encryption ...
    • Install Bridge

      Follow the below step-by-step procedures to configure and use Bridge in Qntrl. Step 1: Download the Bridge agent Only one Bridge agent can be installed per machine. To download a bridge agent in Qntrl: Navigate to (settings), under Advanced click ...

    You are currently viewing the help articles of Qntrl 3.0. If you are still using our older version and require guidance with it, Click here.