Online Help
Credential Types Reference
AlloyScan stores credentials in an Audit Service's credentials pool. Each credential is one of seven typed records. AlloyScan uses the credential type to authenticate to a matching target (Windows host, Linux host, hypervisor, SNMP device, or cloud account) during scan and audit.
Fields by type
| Type | Required fields | Notes |
|---|---|---|
| Windows | Title, Domain, Username, Password | Used for WMI and WinRM audits of Windows targets. |
| Linux and macOS | Title, Port (default 22), Login, Password or Private key, Use sudo, Sudo password | Single type covers both Linux and macOS targets via SSH. |
| Hypervisor | Title, Port, Login, Password or Private key, Use sudo | Used for hypervisor audit. VMware ESXi is the verified target. |
| SNMP | Title; for v1 / v2c: Community. For v3: User, Security level (No auth / Auth only / Auth+privacy), Auth protocol (MD5 / SHA / SHA-2), Privacy protocol (DES / AES) | SNMP v3 supports SHA-2 authentication. |
| AWS | Title, Access key ID, Secret access key (or IAM role) | Used by AWS cloud Segments (Preview). |
| Azure | Title, Tenant ID, Client ID, Client secret | Used by Azure cloud Segments (Preview). |
| Title, Project ID, Client email, Private key (or JSON key file) | Used by Google cloud Segments (Preview). |
Constraints
- All credentials are encrypted at rest on the Audit Service host and never leave the local network.
- The stored secret cannot be revealed after save. The credential record shows only Has password or Not set. To rotate, enter a new value — the previous stored secret is overwritten.
- A credential's type is fixed at creation and is not editable after save.
- Each Audit Service has its own credentials pool. The pool is local to that service host and is not shared across sites.
Note: Details may vary by deployment — for SNMP v3 specifically, the available dropdown values for Security level, Auth protocol, and Privacy protocol may differ.