Working with system credentials

In Trust Protection Platform, credential objects provide an innovative way to centrally manage and share your system credentials. Each credential object can be associated with a single device or application, or it can be shared by multiple objects.

Most credential objects store the credentials used by Trust Protection Platform to authenticate with devices, applications, CAs, and Active Directory user directories. Without them, Trust Protection Platform can't manage the certificates associated with devices, applications, and CAs. Other Credential objects don't store credentials but instead connect with external password vaults such as CyberArk or HashiCorp Vault (which can be done using the Adaptable Credential).

You create credential objects in Trust Protection Platform using any of the following credential types:

• Adaptable Credential (Username/Password, and Password)
• Amazon Credential
• Certificate Credential
• CyberArk Username Private Key Credential
• Generic Credential
• Google Cloud CA Credential
• Password Credential
• Private Key Credential
• Username Password Credential

One of the great things about credential objects is that after you create them, you don't have to repeat the credential configuration for every device, application, or CA. You just reference the existing credential object. If the credential changes—for example, an organization's security policy might require changing user name and password credentials every 90 days; or you might need to swap out a private key used by an existing private key credential—you merely update the single credential object to give Trust Protection Platform access to all of its associated devices and applications.