User Guide

Credential Types Reference

AlloyScan stores credentials in an Audit Service's credentials pool. Each credential is one of nine typed records. AlloyScan uses the credential type to authenticate to a matching target (Windows host, Linux host, hypervisor, SNMP device, or cloud or provider-specific source) during scan and audit.

Fields by type

Type Required fields Notes
Windows Title, Domain, Username, Password Used for WMI and WinRM audits of Windows targets.
Linux and macOS Title, Port (default 22), Login, Password or Private key, Use sudo, Sudo password Single type covers both Linux and macOS targets via SSH.
Hypervisor Title, Port, Login, Password or Private key, Use sudo Used for hypervisor audit. VMware ESXi is the verified target.
SNMP Title; for v1 / v2c: Community. For v3: Username (SNMP v3), Authentication protocol, Authentication phrase, Privacy protocol, Privacy phrase SNMPv3 authentication and privacy options appear after you enter Username (SNMP v3).
AWS Title, Access key ID, Secret access key (or IAM role) Used by AWS cloud Segments (Preview).
Azure Title, Tenant ID, Client ID, Client secret Used by Azure cloud Segments (Preview).
Google Cloud Platform Title, Project ID, Client email, Private key (or JSON key file) Used by Google Cloud Platform Segments (Preview).
Google Directory Title, Client email, Delegated admin email, optional Customer ID, Private key, Confirm private key, Upload service account JSON Used by Google Directory Chromebook Segments (Preview). Uploading a Google service account JSON file can autofill the client email and private key.
Jamf Title, Jamf Pro server root URL, Login, Password, Confirm password Used by Jamf Segments (Preview).

Constraints

  • All credentials are encrypted at rest on the Audit Service host and never leave the local network.
  • The stored secret cannot be revealed after save. The credential record shows only Has password or Not set. To rotate, enter a new value - the previous stored secret is overwritten.
  • A credential's type is fixed at creation and is not editable after save.
  • Each Audit Service has its own credentials pool. The pool is local to that service host and is not shared across sites.