Credentials in Qntrl | Qntrl | Bridge | Online Help

Credentials

The Credential module provides a streamlined solution for storing and managing authentication credentials for databases, remote machines, and application servers. Instead of entering usernames, passwords, or API keys repeatedly across multiple tasks, you can store them once and reuse them as needed.

It serves as a centralized repository where credentials are stored in an encrypted format and automatically used by Bridge during task execution, reducing manual effort and minimizing the risk of credential exposure.

Depending on your organization’s security preference, credentials can be stored either in the Qntrl cloud or within your on-premise environment via Bridge.

Benefits of Credentials 

Enhanced Security: Credentials ensure security by minimizing the risk of exposing sensitive information like passwords and API keys during authentication, and only allowing authorized entities to use the resources.
 
Convenient Access: Credentials eliminate the need to enter usernames and passwords manually. By referencing the credential name, accessing required resources becomes quick and effortless.
 
Access Control: By utilizing credentials, administrators can grant specific privileges to users or applications, thereby ensuring that they are restricted to accessing only the essential functionalities.
 
Centralized Management: Having all credentials stored in one central location simplifies credential management and allows for easy updates or modifications when required.
 
Auditing and Accountability: Unique credentials for each user/app simplify tracking, audits, and identifying suspicious activities or security breaches.

 

Encryption and Decryption 

Credential information is securely stored in an encrypted format, ensuring that once entered, it remains inaccessible. The provided data is encrypted both ways during transmission using TLS and at rest using 256-bit AES encryption.  
  1. Basic - Password encrypted
  2. API Key  - Token encrypted
  3. JDBC Credential Type - Password encrypted
  4. SSH Credential Type - Password encrypted
  5. PowerShell Credential Type - Password encrypted
  6. AD Credential Type - Password encrypted
  7. NTLM - Password encrypted

Permission settings 

Accessing and utilizing the credentials requires permission, as only users with the appropriate authorization can employ the credentials to execute a message. By default, the user who created the credential can use it. For other users, access to credentials must be enabled in their Profiles section for them to use the credentials.

Supported Credential Types

Bridge offers several types of credentials to enable secure access to different services and resources. Each credential type serves specific purposes and has its own set of parameters. 

Basic

Basic credentials are used to authenticate SOAP requests by passing a username and password. Basic credentials created here can be used in Bridge when making SOAP calls

Fields:

  • Username/Password: The account username and password that will be used to authenticate SOAP requests.


API Key

An API key is a unique code used to identify the application or user making an API request. Based on the scope defined while generating an API Key, it grants access to APIs for data retrieval, updates, or specific actions. API credentials created here can be utilized in Bridge, Circuit, API LookUp fields, and Webhooks

Fields:
  1. Token: The token generated in the service where the API request is intended to be sent. 
  2. Header: Name of the HTTP header that carries the API token or other authentication information. Common header names for API tokens include:
    1. Authorization
    2. API-Key
    3. Bearer
  3. Parameter: Names of the query parameters or request body parameters used to pass the API token during an API request. 

JDBC

JDBC credentials provide access to a database connection. JDBC Credentials created here can be used in Bridge, Circuit, and DB LookUp fields


Fields:
  1. Username/Password: The username and password associated with the database account you want to use.

OAuth 2.0

In Qntrl, a Connection, can be created and used in Deluge integration tasks or custom functions, to enable users to interact with their chosen service. Connection is based on OAuth 2.0 and acts as a way of login to a service. This type of credential can store the details of a connection, to facilitate the execution of webhooks of any application.

Fields:

  • OAuth Connection: Link Name of an existing Connection.


SSH

SSH credentials are used to connect UNIX and Linux devices securely and execute commands over the Secure Shell (SSH) protocol. SSH Credentials created here are used in Bridge and Circuit

Fields:

  • Username/Password: The username and password of the target machine where the shell script is intended to be executed.


Powershell

The credentials of this type are used to connect with Windows machine and execute PowerShell commands securely. PowerShell credentials created here are used in Bridge and Circuit. 

Fields:
  1. Username/Password: The username and password of the target machine where the PowerShell script is intended to be executed.

Active Directory  

These credentials are used for authenticating and accessing resources within an Active Directory (AD) environment. AD Credentials created here are used in Bridge and Circuit.


Fields:

  • User DN: Distinguished Name of the Active Directory.

  • Password: Password of the Active Directory.


NTLM

NTLM (NT LAN Manager) credentials are used for Windows-specific authentication in SOAP requests. NTLM credentials created here can be used in Bridge to connect to SOAP services that require Windows-based authentication. 

Fields:
  • Username/Password: The Windows account username and password used for authentication.
  • Domain: The domain associated with the Windows account.
  • Hostname: The hostname of the Windows machine.

Create a credential   

  To create a new credential:
  1. Click the settings gear icon (⚙) in the left panel.
  2. Navigate to Advanced >> Credentials.
  3. Click the New Credential button.
  4. Fill in the new credential details: 
  5. Name: Provide a unique name to identify the credential.
  6. Type: Choose the type of credential. The fields displayed below will vary depending on the credential type you select. Refer to the Credential Types section for details on each type.
    • Basic - Provide the user name and password.
    • API Key - Mention the API token, then select whether to append it as a Parameter or Header, and specify the name.
    • JDBC - For the JDBC Credential type, the username and password need to be provided.
    • OAuth 2.0 - Select the existing DRE connections.
    • SSH - Provide the username and password of the machine where the Shell script has to be executed.
    • Powershell - Provide the username and password of the machine where the Powershell script will be executed.
    • Active Directory - Specify the User DN and Password of the Active Directory.
    • NTLM - Provide the username, password, domain, and hostname.
  7. Access Type: Determines where the credential is stored and how it is retrieved during task execution. Based on the access type you choose, additional fields appear. CDuring execution, Bridge automatically fetches the credential from the selected access type and uses it at runtime.
    • Native : Credentials are stored securely in the Qntrl database.
    • Bridge : Credentials are stored locally in your Bridge installation, ensuring they never leave your environment and is retrieved only during runtime.
    • Credential Module : Retrieves secrets from an external storage or service dynamically at the time of task execution.
    • Server Script : Fetches credentials using a server script at runtime. This is useful when credential values must be retrieved from an external service before execution.
  8. Scope: Scope determines how the credential behaves across multiple environments in Sandbox. For example, use different DB passwords for Sandbox and Production, but the same credential name. Depending on the chosen scope, relevant fields appear to capture environment-specific values.
    • Global : Same credential value is used for all environments.
    • Environment : Allows separate values for each environment.
  9. Group: Assign the credential to a Group to limit access. Only users or modules associated with that Group can use the credential. Learn more about Groups.
  10. All Modules: Enable All Modules to allow full access. Disable it to select modules manually from the dropdown.
  11. Allowed Modules: Controls which modules can access this credential.
  12. Click Save.

Alert
  • Avoid logging sensitive values (passwords/tokens) in the custom module implementation, as they may get exposed through logs.
  • Do not print or log sensitive credential data inside server scripts.

Edit a Credential   

To update the details of an existing credential:

  1. Navigate to settings (⚙) >> Advanced >> Credentials.

  2. Select the credential you want to edit by clicking on its name.

  3. In the opened credential page, make modifications and click Save. 


Delete a Credential   

To delete an existing credential:

  1. Navigate to settings (⚙) >> Advanced >> Credentials.

  2. Hover over the name of the credential you want to delete, click the action menu, and select Delete.

  3. Confirm your delete action.

 



    • Related Articles

    • Active Directory(AD)

      The Active Directory (AD) module in Qntrl Bridge allows you to integrate with Microsoft Active Directory to manage users, computers, and groups within your organization securely. AD is a directory service developed by Microsoft to centrally manage ...

    • Bridge Agent Configuration

      The Bridge Agent serves is the local management console for your Bridge installation. It provides access to service configurations, execution logs, messages, credentials, and communication settings. The Agent UI is accessible only from within the ...

    • Zoho Directory in Qntrl

      What is Active Directory? Active Directory (AD) by Microsoft is a domain management system for centralized networks. Using AD, you can add users, define their privilege, store and manage information, and authorize and authenticate user accounts. What ...

    • Security Controls

      Data Encryption In Qntrl All the sensitive data is encrypted and stored in the Qntrl database. Sensitive data: Task payload, response Credentials Tokens used to connect with the Bridge AES algorithm is used to encrypt the data at rest. Encryption ...

    • File Management

      Early Access File Management module is not enabled for all users. If you’d like to try it out, please email our support team for early access. The File Management module facilitates file transfer operations across various locations, providing ...

    You are currently viewing the help articles of Qntrl 3.0. If you are still using our older version and require guidance with it, Click here.