Managing existing credentials
If you need to modify, move, or delete existing credentials, look no further than the Credentials inventory in TLS Protect (Inventory > Credentials).
One of the most common reasons to update credentials is when your organization's security policy requires you to change username and password credentials. And sometimes you just need to clean up by deleting credentials no longer in use.
From the Credentials inventory, you can view details about a specific credential, including where it's used and the permissions applied to it. You can move, rename, or delete a credential. And you can even replace the private key of a private key credential by simply dragging and dropping in a new one.
TIP Each row in the Credentials inventory includes a quick action button that lets you apply actions on the credential, such as moving or deleting. For private key credentials, you can even replace its associated private key with another private key (see Replacing a private key credential's private key).
The Credentials inventory shows you the credentials stored in the system and lets you filter the list, making it easier to locate specific types of credentials.
What information is shown in the credentials Inventory?
The Credentials inventory displays a list of all or your credentials, along with columns of additional information about each credential. You can customize the inventory by adding, removing, and sorting columns.
Here are the available columns, which ones are visible by default, and which of them are sortable.
|
Column |
Description |
Default |
Sortable |
|---|---|---|---|
|
Name |
The name of the credential given by the user when the credential was created. |
Yes |
Yes |
|
Type |
The type of credential. Trust Protection Platform has several types of credentials. The actual credential types you see depends on the products you have licensed. The credential types can include:
|
Yes |
Yes |
|
Folder |
The folder location in the tree where the credential is stored. |
Yes |
Yes |
|
Contacts |
The list of contact(s) created by the user who created the credential. |
No |
No |
|
Created On |
The date the credential was created. |
No |
Yes |
|
Description |
The description provided by the user when they created the credential. |
No |
Yes |
Can I see all existing system credentials in my Credential's inventory?
Your ability to see credentials in the system is limited by your permissions. If you have the create permission to the Policy root folder or if you have the read permission to at least one credential in Trust Protection Platform, then you can see the Credentials item in the Inventory menu. Otherwise, it won't be visible.
In addition, only those credentials to which you have the read permission are visible to you in Credentials inventory.
Filtering credentials in the credential inventory
You can expand the Credential Properties filter, and you can filter on any of the columns.
You can use filters to quickly find items in Venafi Platform inventories. Items that can be filtered include certificates, SSH keys, devices, identities, credentials, or Server Agents.
From any inventory list you can apply one or more filters to narrow the results. For example, use filters when you want to find a specific item, or find a group of items that meet a more specific set of criteria.
Filter Panel Types
The filter panel contains the following filter
- Credential Properties. This is a list of properties that allows you to find credential objects based on specific properties related to the item.
To refine a list of discovered objects Using Filters
-
From the menu, open any of the inventory list views.
For example, click Inventory > Credentials.
-
Using Filters, select and apply one or more filters to narrow the list of discovered items.
DID YOU KNOW? As you select and remove filters, the inventory list is automatically refreshed giving you instant filter results.
- When you find the object you want in the inventory, click its name to view details.
EXAMPLE How search filtering works
All of the selections in a filter field are OR fields.
In the example above, the search could be described in the following way:
Show me all certificates with (policy location of EMEA or EMEA/Marketing) and (a certificate type of Server Certificate or a Client Device Certificate) and (Status of Disabled and Expired-Long Term).
List of Credential Properties filters
The following filters are available on the Credential Inventory page.
| Common Filter | Description |
Multi-value Support |
Type |
|---|---|---|---|
|
Name |
Filters based on the credential name. |
No |
Partial match search (starts with) |
|
Description |
Filters based on the description of the credential |
Yes / OR |
Search from list |
|
Contacts |
Filters based on the credential’s contact name or group. You can select multiple contacts, if needed. |
Yes / OR |
Search from list |
|
Folder |
Filters based on the certificate's parent folder. When you select at least one folder, a checkbox appears allowing you to search through all sub-folders as well. |
Yes / OR |
Select from list |
|
Credential Type |
Filters based on the type of the credential. E.g. Amazon Credential, Certificate Credential, CyberArk Username Password Credential, etc. |
Yes / OR |
Select from list |
|
Created On |
Date the credential was created. Can specify a specific date range, or a dynamic date range (next 60 days) |
Date Range |
Explicit or dynamic range |
Viewing information about a specific credential
You can click on any credential name to view the permissions screen that controls access to who can see the credential.
The credential details page shows you information about the credential, and allows you to take action on a credential. For more information, see Exploring credential details.