Administration Guide
Credentials Reference
Reference for the seven credential types accepted by an Audit Service, their required fields, and storage constraints.
Common fields
Every credential, regardless of type, has:
| Field | Type | Description |
|---|---|---|
| Title | String, free text | Display label that identifies the credential in the pool grid and audit logs. |
| Type | Enum (one of seven, see below) | Determines the rest of the form and how the secret is used. |
| Has password | System-set indicator | Lock icon in the grid when a secret is stored. The stored secret cannot be revealed back through the UI. |
Per-type fields
Windows
For WMI and WinRM audits of Windows endpoints.
| Field | Required | Description |
|---|---|---|
| Title | yes | — |
| Domain | yes | NetBIOS domain or . for local accounts. |
| Username | yes | Account name. |
| Password | yes | Stored encrypted at rest. |
Linux and macOS
For SSH-based audits. A single type covers both OS families.
| Field | Required | Description |
|---|---|---|
| Title | yes | — |
| Port | yes (default 22) |
SSH port on the target. |
| Login | yes | Account name. |
| Password or Private key | one of two | Either an SSH password or a private key. |
| Use sudo | toggle | Run audit commands under sudo. On Linux, AlloyScan may still invoke sudo only for UUID collection when this option is off; the account must have the necessary sudoers permission. |
| Sudo password | conditional | Required whenever sudo prompts for a password, including for Linux UUID collection when Use sudo is off. |
Hypervisor
For VMware ESXi. Other hypervisor values depend on the available credential types.
| Field | Required | Description |
|---|---|---|
| Title | yes | — |
| Port | yes | Management port on the hypervisor. |
| Login | yes | — |
| Password or Private key | one of two | — |
| Use sudo | toggle | — |
SNMP
Single type covering SNMP v1, v2c, and v3.
| Field | Applies to | Description |
|---|---|---|
| Title | all versions | Display label for the credential record. |
| Community (SNMP v1/v2c) | v1, v2c | The SNMP community string. |
| Username (SNMP v3) | v3 | SNMPv3 username. Entering this value exposes the SNMPv3 authentication and privacy options. |
| Authentication protocol | v3 | One of No Authentication, Md5, Sha1, Sha256, Sha384, or Sha512. |
| Authentication phrase | v3 | Authentication secret for the selected protocol. |
| Privacy protocol | v3 | One of NoPrivacy, Des, Aes, Aes192, Aes256, or TripleDes. |
| Privacy phrase | v3 | Privacy secret for the selected protocol. |
AWS
For cloud audits of AWS accounts.
| Field | Required | Description |
|---|---|---|
| Title | yes | — |
| Access key ID | yes (or use IAM role) | AWS access key. |
| Secret access key | yes (or use IAM role) | Stored encrypted. |
Azure
For cloud audits of Azure subscriptions.
| Field | Required | Description |
|---|---|---|
| Title | yes | — |
| Tenant ID | yes | Azure AD tenant. |
| Client ID | yes | App registration client ID. |
| Client secret | yes | Stored encrypted. |
For cloud audits of Google Cloud projects.
| Field | Required | Description |
|---|---|---|
| Title | yes | — |
| Project ID | yes | Target Google Cloud project. |
| Client email | yes | Service account email. |
| Private key or JSON key file | one of two | Service account credential material. |
Constraints
- All credentials are encrypted at rest on the Audit Service host and never leave the customer network.
- The Has password column shows a lock icon when a secret is stored; the actual secret cannot be revealed back through the UI.
- AlloyScan does not currently expose a per-credential Test or Validate button. Validate by triggering an ad-hoc audit.
- Segment-to-credential assignment is managed through the Audit Service pool.
RBAC
| Action | Site Administrator | Site User |
|---|---|---|
| List credentials | yes | no (UI is admin-scoped) |
| Add credential | yes | no |
| Edit credential | yes | no |
| Delete credential | yes | no |
Related
- About Credentials — purpose, storage, rotation.
- How to add credentials — step-by-step.
- About Audit Services — credential pools live inside Audit Services.