Credentials in Qntrl | Qntrl | Bridge | Online Help

Credentials

The Credential module provides a streamlined solution for storing and managing authentication credentials for databases, remote machines, and application servers. Organizations dealing with multiple databases or APIs often face repetitive credential entry, raising concerns about security and password exposure.

To address these concerns, the Credentials module serves as a centralized repository within a bridge, specifically designed for storing authentication data like usernames and passwords. This ensures that when a task is executed through the bridge, the required credentials can be easily accessed and utilized from the Credential module without any manual effort or intervention.

Users have the flexibility to create and store credentials within their Qntrl cloud account or on-premise system via the Bridge agent, based on organizational preferences.

Benefits of Credentials 

Enhanced Security: Credentials ensure security by minimizing the risk of exposing sensitive information like passwords and API keys during authentication, and only allowing authorized entities to use the resources.
 
Convenient Access: Credentials eliminate the need to enter usernames and passwords manually. By referencing the credential name, accessing required resources becomes quick and effortless.
 
Access ControlBy utilizing credentials, administrators can grant specific privileges to users or applications, thereby ensuring that they are restricted to accessing only the essential functionalities.
 
Centralized Management: Having all credentials stored in one central location simplifies credential management and allows for easy updates or modifications when required.
 
Auditing and Accountability: Unique credentials for each user/app simplify tracking, audits, and identifying suspicious activities or security breaches.

 

Encryption and Decryption 

Credential information is securely stored in an encrypted format, ensuring that once entered, it remains inaccessible. The provided data is encrypted both ways during transmission using TLS and at rest using 256-bit AES encryption.  Learn more about our encryption policy in Qntrl.

Below are the encrypted sensitive details for specific Credential types:

  1. API Key Credential Type - Token is encrypted.

  1. JDBC Credential Type - Password is encrypted.

  1. SSH Credential Type - Password is encrypted.

  1. PowerShell Credential Type - Password is encrypted.

  1. AD Credential Type - Password is encrypted.


Permission settings 

Accessing and utilizing the credentials requires permission, as only users with the appropriate authorization can employ the credentials to execute a message. By default, the user who created the credential can use it. For other users, access to credentials must be enabled in their Profiles section for them to use the credentials.

Types of Credentials in Bridge   

Bridge offers several types of credentials to enable secure access to different services and resources. Each credential type serves specific purposes and has its own set of parameters. Below are the available credential types:

API Key

An API key is a unique code used to identify the application or user making an API request. Based on the scope defined while generating an API Key, it grants access to APIs for data retrieval, updates, or specific actions. API credentials created here can be utilized in Bridge, Circuit, API LookUp fields, and Webhooks. The details required to create API Key credential are:

  • Token: The token generated in the service where the API request is intended to be sent. It's included as a header or parameter in the API request to identify and authorize the requester.

  • Header: Name of the HTTP header that carries the API token or other authentication information. Common header names for API tokens include:

    • Authorization

    • API-Key

    • Bearer

  • Parameter: Names of the query parameters or request body parameters used to pass the API token during an API request. 

JDBC

JDBC credentials provide access to a database connection. When connecting to a database using JDBC, you need to provide a username and password associated with the database account that has the necessary permissions for required database operations. JDBC Credentials created here can be used in Bridge, Circuit, and DB LookUp fields. The below details are required to create a JDBC credential.

  • Username/Password: The username and password associated with the database account you want to use.

OAuth 2.0

In Qntrl, a Connection, can be created and used in Deluge integration tasks or custom functions, to enable users to interact with their chosen service. Connection is based on OAuth 2.0 and acts as a way of login to a service. This type of credential can store the details of a connection, to facilitate the execution of webhooks of any application.

Currently, OAuth 2.0 credentials can be saved and used in only Qntrl cloud, exclusively in Webhooks and cannot be used in Bridge agent. The details required to create OAuth 2.0 credential is given below.

  • OAuth Connection: Input the Connection Link Name of the Connections.

SSH

SSH credentials are used to connect UNIX and Linux devices securely and execute commands over the Secure Shell (SSH) protocol. SSH Credentials created here are used in Bridge and Circuit. The below details are required to create a SSH credential.

  • Username/Password: The username and password of the machine where the shell script is intended to be executed.

Powershell

The credentials of this type are used to connect with Windows machine and execute PowerShell commands securely. PowerShell credentials created here are used in Bridge and Circuit. The below details are required to create a PowerShell:
  1. Username/Password: The username and password of the machine where the PowerShell script is intended to be executed.


Active Directory  

These credentials are used for authenticating and accessing resources within an Active Directory (AD) environment. AD Credentials created here are used in Bridge and Circuit.

  • User DN: Distinguished Name of the Active Directory.

  • Password: Password of the Active Directory.


Create a credential   

  To create a new credential:

  1. Click the settings gear icon at the left pane.

  2. Navigate to Advanced >> Bridge, then select Credentials.

  1. Click the New Credential button.

  2. Fill in the new credential details.
    1. NameProvide a unique name to identify the credential.
    2. TypeChoose the type of credential.
      1. API Key - If the Credential type is API key, mention the API token. 
        1. Append To: Select the Parameter or Header to append the credential   
        2. Parameter or Header name: Provide a name for the Parameter or Header    
      2. JDBC - For the JDBC Credential type, the username and password need to be provided.
      3. OAuth 2.0 - If the Credential type is OAuth 2.0, select the existing DRE connections.
      4. SSH - Provide the username and password of the machine where the Shell script has to be executed.
      5. Powershell - Provide the username and password of the machine where the Powershell script will be executed.
      6. Active Directory - Specify the User DN and Password of the Active Directory.
    3. Use Credentials from Bridge: Select this if you have previously saved credentials in a bridge.
      1. Credential Name in Bridge: Mention the saved credential name.
  1. Click Save.

 


Edit a Credential   

To update the details of an existing credential:

  1. Navigate to(settings) >> Advanced >> Bridge, then select Credentials.

  2. Select the credential you want to edit by clicking on its name.

  3. In the opened credential page, make modifications and click Save. 




Delete a Credential   

To delete an existing credential:

  1. Navigate to(settings) >> Advanced >> Bridge >> select Credentials.

  2. Hover over the name of the credential you want to delete, click the action menu, and select Delete.

  3. Confirm your delete action.

 


    • Related Articles

    • Security Controls

      Data Encryption In Qntrl All the sensitive data is encrypted and stored in the Qntrl database. Sensitive data: Task payload, response Credentials Tokens used to connect with the Bridge AES algorithm is used to encrypt the data at rest. Encryption ...

    • Bridge agent settings

      Once the Bridge agent is set up, you can log in to the bridge agent to view and modify the allowed configuration as needed. To do this: In Qntrl, navigate to (settings) >> Advanced >> Bridge, then select your bridge. Hover your cursor over the bridge ...

    • Other actions in Projects

      Free up a sandbox You can unassociate a project from the sandbox when you want to free up a sandbox. To unassociate a sandbox: Navigate to and select Projects under Advanced. Click the Sandbox button at the top band. All sandboxes will be listed ...

    • SSH Engine

      SSH Engine module in Bridge is used to perform actions in the client network/client's machine by executing a command/script in Linux/UNIX OS. Prerequisite While creating credentials for SSH Engine, choose the Credential type as SSH. Click here to ...

    • Task Engine

      Circuit's Task Engine state is used to connect with other applications and access APIs from a closed space. To retrieve data from a private network, the required API must be accessed from the local machine's network for the required conditions. ...

    You are currently viewing the help articles of Qntrl 3.0. If you are still using our older version and require guidance with it, Click here.