Child pages
  • Credentials
Skip to end of metadata
Go to start of metadata


 Credentials can have one of a few different types - snmp v.1 / v.2, snmp v.3, ssh, ssh key, windows are all implemented. CAVEAT - ssh keys are not implemented for Windows Open-AudIT servers as yet.

How Does it Work?

Credentials are stored in the "credentials" database table. The actual credential information is encrypted in storage. When a Discovery is run, a device has it's credentials retrieved and tested for connection first. If these fail the list of credentials is also tested against the device. Working credentials are stored at an individual device level in the "credential" table (note - no 's' in the table name). SSH keys are tested before SSH username / password. When testing SSH, credentials will also be marked as working with sudo or being root.


NOTE - If you request a downloaded CSV, XML or JSON format (either a single credential, or the complete collection) the actual credential details will be sent. Not the encrypted string, the actual username, password, community string, etc. Any sensitive details are not displayed in the web GUI, but are made available via other formats.

Creating Credentials

To make another credential entry use the menu and go to menu: Discover -> Credentials -> Create Credentials. Provide a name, organisation and optionally a description. Choose a type of credential. Once you do this, the additional fields will populate with the available configurable options.




SSH Keys

You should copy and paste the entire file into the textbox. In the case below, copy ALL the text.


Viewing Credential Details

Go to menu: Discover -> Credentials -> List Credentials.

You will see a list of credential. You can view a credential by clicking on the blue view icon. You can also edit or delete your credentials.

Database Schema

The schema for the database is below. It can also be found in the application if the user has database::read permission by going to menu: Manage -> Database -> List, then clicking on the "credentials" table.

Example Database Entry

Credentials are stored in the database in the "credentials" table. A typical entry will look as below.

NOTE - org_id is not used at present.

API / Web Access

You can access the /credentials collection using the normal Open-AudIT JSON based API. Just like any other collection. Please see the API documentation for further details.

When requesting a credentials details via the API, the credentials section will be decrypted.

API Routes

Request Method
Resulting Function
Permission Required
URL Example
Example Response
POSTn createcredentials::create/credentialsInsert a new credentials entry.credentials_create.json
GETy readcredentials::read/credentials/{id}Returns a credentials details.credentials_read.json
PATCHy updatecredentials::update/credentials/{id}Update an attribute of a credentials entry.credentials_patch.json
DELETEy deletecredentials::delete/credentials/{id}Delete a credentials entry.credentials_delete.json
GETn collectioncredentials::read/credentialsReturns a list of credentials.credentials_collection.json

Web Application Routes

Request Method
Resulting Function
Permission Required
URL Example
GETncreatecreate_formcredentials::create/credentials/createDisplays a standard web form for submission to POST /credentials.
GETyupdateupdate_formcredentials::update/credentials/{id}/updateShow the script details with the option to update attributes using PATCH to /credentials/{id}
GETnimportimport_formcredentials::create/credentials/importDisplays a standard web form for submission to POST /credentials/import.
POSTnimportimportcredentials::create/credentials/importImport multiple credentials using a CSV.


  1. SSH key format to paste in web UI should be detailled

  2. The note about the credentials doesn't seem to be true... tested and the hash is actually sent, not the credentials in clear. 

    1. WIll be true from 2.1 onwards.

      1. But why? That's a big security risk to send credentials in clear text like that 

        1. You can use https for transport security.

          Credentials are read/write, not write only.