User Guide
Credential Types Reference
AlloyScan stores credentials in an Audit Service's credentials pool. Each credential is one of nine typed records. AlloyScan uses the credential type to authenticate to a matching target (Windows host, Linux host, hypervisor, SNMP device, or cloud or provider-specific source) during scan and audit.
Fields by type
| Type | Required fields | Notes |
|---|---|---|
| Windows | Title, Domain, Username, Password | Used for WMI and WinRM audits of Windows targets. |
| Linux and macOS | Title, Port (default 22), Login, Password or Private key, Use sudo, Sudo password | Single type covers both Linux and macOS targets via SSH. |
| Hypervisor | Title, Port, Login, Password or Private key, Use sudo | Used for hypervisor audit. VMware ESXi is the verified target. |
| SNMP | Title; for v1 / v2c: Community. For v3: Username (SNMP v3), Authentication protocol, Authentication phrase, Privacy protocol, Privacy phrase | SNMPv3 authentication and privacy options appear after you enter Username (SNMP v3). |
| AWS | Title, Access key ID, Secret access key (or IAM role) | Used by AWS cloud Segments (Preview). |
| Azure | Title, Tenant ID, Client ID, Client secret | Used by Azure cloud Segments (Preview). |
| Google Cloud Platform | Title, Project ID, Client email, Private key (or JSON key file) | Used by Google Cloud Platform Segments (Preview). |
| Google Directory | Title, Client email, Delegated admin email, optional Customer ID, Private key, Confirm private key, Upload service account JSON | Used by Google Directory Chromebook Segments (Preview). Uploading a Google service account JSON file can autofill the client email and private key. |
| Jamf | Title, Jamf Pro server root URL, Login, Password, Confirm password | Used by Jamf Segments (Preview). |
Constraints
- All credentials are encrypted at rest on the Audit Service host and never leave the local network.
- The stored secret cannot be revealed after save. The credential record shows only Has password or Not set. To rotate, enter a new value - the previous stored secret is overwritten.
- A credential's type is fixed at creation and is not editable after save.
- Each Audit Service has its own credentials pool. The pool is local to that service host and is not shared across sites.