Administration Guide
Credentials Reference
Reference for the seven credential types accepted by an Audit Service, their required fields, and storage constraints.
Common fields
Every credential, regardless of type, has:
| Field | Type | Description |
|---|---|---|
| Title | String, free text | Display label that identifies the credential in the pool grid and audit logs. |
| Type | Enum (one of seven, see below) | Determines the rest of the form and how the secret is used. |
| Has password | System-set indicator | Lock icon in the grid when a secret is stored. The stored secret cannot be revealed back through the UI. |
Per-type fields
Windows
For WMI and WinRM audits of Windows endpoints.
| Field | Required | Description |
|---|---|---|
| Title | yes | — |
| Domain | yes | NetBIOS domain, or `.` for local accounts. |
| Username | yes | Account name. |
| Password | yes | Stored encrypted at rest. |
Linux and macOS
For SSH-based audits. A single type covers both OS families.
| Field | Required | Description |
|---|---|---|
| Title | yes | — |
| Port | yes (default 22) | SSH port on the target. |
| Login | yes | Account name. |
| Password or Private key | one of two | Either an SSH password or a private key. |
| Use sudo | toggle | Run audit commands under sudo. |
| Sudo password | conditional | Required when Use sudo is on and sudo is configured to ask for a password. |
Hypervisor
For VMware ESXi. Behaviour for other hypervisors may vary by deployment.
| Field | Required | Description |
|---|---|---|
| Title | yes | — |
| Port | yes | Management port on the hypervisor. |
| Login | yes | — |
| Password or Private key | one of two | — |
| Use sudo | toggle | — |
SNMP
Single type covering SNMP v1, v2c, and v3.
| Field | Applies to | Description |
|---|---|---|
| Title | all versions | — |
| Community | v1, v2c | The SNMP community string. |
| User | v3 | SNMPv3 username. |
| Security Level | v3 | One of No auth, Auth only, Auth+privacy. |
| Auth protocol | v3 (when Security Level is Auth only or Auth+privacy) | One of MD5, SHA, SHA-2. |
| Priv protocol | v3 (when Security Level is Auth+privacy) | One of DES, AES. |
Note: The full set of SNMPv3 dropdown values may vary by deployment.
AWS
For cloud audits of AWS accounts.
| Field | Required | Description |
|---|---|---|
| Title | yes | — |
| Access key ID | yes (or use IAM role) | AWS access key. |
| Secret access key | yes (or use IAM role) | Stored encrypted. |
Azure
For cloud audits of Azure subscriptions.
| Field | Required | Description |
|---|---|---|
| Title | yes | — |
| Tenant ID | yes | Azure AD tenant. |
| Client ID | yes | App registration client ID. |
| Client secret | yes | Stored encrypted. |
Google Cloud
For cloud audits of Google Cloud projects.
| Field | Required | Description |
|---|---|---|
| Title | yes | — |
| Project ID | yes | Target Google Cloud project. |
| Client email | yes | Service account email. |
| Private key or JSON key file | one of two | Service account credential material. |
Constraints
- All credentials are encrypted at rest and, per vendor documentation, never leave the customer network.
- The Has password column shows a lock icon when a secret is stored; the actual secret cannot be revealed back through the UI.
- AlloyScan does not currently expose a per-credential Test or Validate button. Validate by triggering an ad-hoc audit.
- The mapping between Segments and credentials beyond the Audit Service pool may vary by deployment.
RBAC
| Action | Site Administrator | Site User |
|---|---|---|
| List credentials | yes | no (UI is admin-scoped) |
| Add credential | yes | no |
| Edit credential | yes | no |
| Delete credential | yes | no |
Related
- About Credentials — purpose, storage, rotation.
- How to add credentials — step-by-step.
- About Audit Services — credential pools live inside Audit Services.