The Credential module provides a streamlined solution for storing and managing authentication credentials for databases, remote machines, and application servers. Organizations dealing with multiple databases or APIs often face repetitive credential entry, raising concerns about security and password exposure.
To address these concerns, the Credentials module serves as a centralized repository within a bridge, specifically designed for storing authentication data like usernames and passwords. This ensures that when a task is executed through the bridge, the required credentials can be easily accessed and utilized from the Credential module without any manual effort or intervention.
Users have the flexibility to create and store credentials within their Qntrl cloud account or on-premise system via the Bridge agent, based on organizational preferences.
Benefits of Credentials
Enhanced Security: Credentials ensure security by minimizing the risk of exposing sensitive information like passwords and API keys during authentication, and only allowing authorized entities to use the resources.
Convenient Access: Credentials eliminate the need to enter usernames and passwords manually. By referencing the credential name, accessing required resources becomes quick and effortless.
Access Control: By utilizing credentials, administrators can grant specific privileges to users or applications, thereby ensuring that they are restricted to accessing only the essential functionalities.
Centralized Management: Having all credentials stored in one central location simplifies credential management and allows for easy updates or modifications when required.
Auditing and Accountability: Unique credentials for each user/app simplify tracking, audits, and identifying suspicious activities or security breaches.
Encryption and Decryption
Credential information is securely stored in an encrypted format, ensuring that once entered, it remains inaccessible. The provided data is encrypted both ways during transmission using TLS and at rest using 256-bit AES encryption.
Basic - Password encrypted
API Key - Token encrypted
JDBC Credential Type - Password encrypted
SSH Credential Type - Password encrypted
PowerShell Credential Type - Password encrypted
AD Credential Type - Password encrypted
NTLM - Password encrypted
Permission settings
Accessing and utilizing the credentials requires permission, as only users with the appropriate authorization can employ the credentials to execute a message. By default, the user who created the credential can use it. For other users, access to credentials must be enabled in their Profiles section for them to use the credentials.
Supported Credential Types
Bridge offers several types of credentials to enable secure access to different services and resources. Each credential type serves specific purposes and has its own set of parameters.
Basic
Basic credentials are used to authenticate SOAP requests by passing a username and password. Basic credentials created here can be used in Bridge when making SOAP calls.
Fields:
API Key
An API key is a unique code used to identify the application or user making an API request. Based on the scope defined while generating an API Key, it grants access to APIs for data retrieval, updates, or specific actions. API credentials created here can be utilized in Bridge, Circuit, API LookUp fields, and Webhooks.
Fields:
- Token: The token generated in the service where the API request is intended to be sent.
JDBC
JDBC credentials provide access to a database connection. JDBC Credentials created here can be used in Bridge, Circuit, and DB LookUp fields.
Fields:
- Username/Password: The username and password associated with the database account you want to use.
OAuth 2.0
In Qntrl, a Connection, can be created and used in Deluge integration tasks or custom functions, to enable users to interact with their chosen service. Connection is based on OAuth 2.0 and acts as a way of login to a service. This type of credential can store the details of a connection, to facilitate the execution of webhooks of any application.
Fields:
SSH
SSH credentials are used to connect UNIX and Linux devices securely and execute commands over the Secure Shell (SSH) protocol. SSH Credentials created here are used in Bridge and Circuit.
Fields:
Powershell
The credentials of this type are used to connect with Windows machine and execute PowerShell commands securely. PowerShell credentials created here are used in Bridge and Circuit.
Fields:
- Username/Password: The username and password of the target machine where the PowerShell script is intended to be executed.
Active Directory
These credentials are used for authenticating and accessing resources within an Active Directory (AD) environment. AD Credentials created here are used in Bridge and Circuit.
Fields:
NTLM
NTLM (NT LAN Manager) credentials are used for Windows-specific authentication in SOAP requests. NTLM credentials created here can be used in Bridge to connect to SOAP services that require Windows-based authentication.
Fields:
Username/Password: The Windows account username and password used for authentication.
Domain: The domain associated with the Windows account.
Hostname: The hostname of the Windows machine.