Page cover image

Vault

Overview

The Vault feature in Autom Mate allows for the secure management of credentials required for various processes initiated by applications or users. This documentation outlines the processes involved in creating, managing, and requesting access to credentials within the Vault.

Encryption and Hashing Methods

  • AES-GCM Symmetric Encryption: Applied for storing vault data, access and refresh tokens, and custom credentials. Encryption uses a 36-character secret key, ensuring data security during storage.

  • bcrypt genSaltSync Hashing: Employed for one-way hashing, such as user passwords, with a salt value of 8. This method ensures password security by creating a unique hash that cannot be reversed.

App Credential Management

App Credentials are specific credentials created within the system for the purpose of establishing connections required by applications. Users with the necessary permissions can manage these credentials, including creating new ones, editing existing ones, or deleting redundant ones.

Fields for App Credentials

Credential Name

This is a unique identifier assigned to each credential within the Vault. It helps distinguish one credential from another and is crucial for referencing and managing credentials effectively.

Application

The "Application" field denotes the specific application or system for which the credential is intended. It establishes the connection between the credential and its designated use case.

Owner

The "Owner" of a credential is the individual or entity who created the credential. This information helps in identifying the responsible party for managing and maintaining the credential.

Edit

The "Edit" option provides users with the ability to update and modify the details of a credential. It allows for changes such as updating authentication methods, URLs, or other pertinent information.

Delete

The "Delete" option allows users to remove a credential from the Vault when it is no longer needed or relevant. This action permanently removes the credential from the system.

Disconnect

"Disconnect" refers to the action of severing the connection between a credential and its associated application. This may be necessary in cases where the credential needs to be disassociated from its current use.

Authentication Type (Auth Type)

The "Authentication Type" specifies the method used to authenticate the credential when connecting to its designated application. It defines the security protocol or mechanism employed for access.

Created on Date

The "Created on Date" indicates the date and time when the credential was initially created and added to the Vault. This information provides a timeline for tracking the credential's lifecycle and usage history.

Authentication Types

Authentication Types refer to the methods utilized for verifying the identities of users or systems. They play a vital role in enforcing security controls and access permissions. Within Autom Mate, the App Credential section supports the following authentication types:

  • OAuth (Open Authorization): An open standard for secure authentication and authorization, commonly used for granting limited access to resources without exposing user credentials.

  • OAuth 2.0: A streamlined and secure version of OAuth, widely used in modern web and mobile applications for authorization and authentication.

  • Basic Authentication: Simple method of sending a username and password with each HTTP request. Considered less secure due to the transmission of credentials as plain text.

  • API Key: Unique identifier used to authenticate requests made to a web service or API.

  • Access Token: A string of characters in OAuth 2.0 used for representing authorization granted to a client application.

Adding a New App Credential

1

Navigate to the Vault section under Management in the Left Menu

2

Click to New App Credential

3

Select the desired application from the list

4

Fill in the required fields

  • Connector Name: Name of the connector.

  • Authentication Type: Type of authentication method (e.g., token, OAuth).

  • URL (if applicable): Required for certain applications that necessitate service connections.

Edit - Disconnect - Delete an App Credential

1

Navigate to the Vault section under Management in the Left Menu.

2

To see the defined credentials on the application click to expand button that is located at the right side of the application section.

3

Select the action that you want to do

  • Disconnect Credentials

  • Delete Credentials

  • Edit Credentials

Setting Default Credentials

Users can designate a specific credential as the default for an application. This ensures that the designated credential is automatically used when interacting with the application.

Note: Understanding OAuth Refresh Tokens and Scope

In OAuth, the refresh token is essential for maintaining long-term access without requiring the user to re-authenticate frequently. The offline_access scope is typically used to ensure that the authorization server provides a refresh token along with the access token. If the refresh token is not provided, the OAuth flow may fail, resulting in errors.

OAuth and Refresh Tokens

  1. Access Tokens:

    • Access tokens usually have a limited lifespan (e.g., 1 hour).

    • Once the access token expires, it cannot be used to access protected resources.

  2. Refresh Tokens:

    • A refresh token is used to obtain a new access token once the current one expires.

    • Refresh tokens allow the application to maintain access without repeatedly prompting the user for authentication.

Offline_access Scope

  • The offline_access scope requests that the authorization server issues a refresh token in addition to the access token.

  • This scope is used when the client application needs to perform actions on behalf of the user for an extended period.

  • It is not mandatory for the offline_access scope to be included, as some products can return a refresh token without any scope specified. However, if the option is available, it should be utilized to ensure a refresh token is received.

OAuth Errors

  • If the offline_access scope is not included and the authorization server does not provide a refresh token, the OAuth flow may fail.

  • This failure can cause the application to repeatedly prompt the user for authentication or disrupt ongoing processes.

  • Specifically, the absence of a refresh token can result in an invalid_client error, indicating that the OAuth process could not be completed successfully.

Implementation

When setting up OAuth authorization, it is important to include the offline_access scope in your authorization request, if available, to ensure you receive a refresh token from the authorization server. This will allow you to maintain seamless access without frequent re-authentication.

Custom Credential Management

Custom Credentials are specialized credentials used by bots or specific users. Developers can select these credentials when designing flows, and users can request access to credentials created by others.

Fields for Custom Credentials

Credential Name

Name of the credential.

Request Status

Indicates the approval status of the request.

Access Type

Specifies the type of access granted.

Credential Owner

Specifies the owner of the credential.

Actions

Allows editing of the credential details.

Adding New Custom Credential

1

Navigate to the Vault section under Management in the Left Menu.

2

Select the Custom Credentials tab.

3

Click on the "Add New Credential" button.

4

Fill in the required details:

  • Credential Name

  • Credential Description

  • Variable Name: Name of the specified variable.

  • Variable Description: Description of the variable.

  • Variable Value: Definition of the variable.

  • Is Masked?: Masks the value of a confidential variable.

  • Click "+" to include additional variables.

5

Click "Save" to add the new credential.

Editing Custom Credential

To edit your credentials, navigate pencil icon that is located under actions click on it.

Deleting Custom Credential

To delete a single credential, click on the square icon next to the credential in the list, then click the trash can icon in the upper right corner. For bulk deletion, select multiple credentials using the square icon on the far left of the title section, then click the trash can icon.

This documentation provides a comprehensive guide to effectively manage credentials within the Autom Mate Vault, ensuring secure and efficient application processes. For further assistance, please refer to the relevant sections or contact the system administrator.

Attention

Custom Credential Management

When users create custom credentials within the Autom Mate Vault, these credentials are tailored to their specific needs and are accessible only to the user who created them. This user-centric approach ensures that sensitive credential information remains securely within the control of its owner and is not shared across accounts.

For instance, if User 1 creates a custom credential named "custom1", it will be visible and accessible only to User 1 within their Vault. When User 2 logs in to the system and attempts to access "custom1", it will not appear in the Vault page, as custom credentials are inherently tied to the user who created them.

This user-based segregation of custom credentials enhances security and privacy, preventing unauthorized access and ensuring that each user has exclusive control over their own set of credentials. Therefore, custom credentials cannot be shared between accounts and remain strictly within the ownership and purview of the creating user.

By adhering to this principle of user-centric credential management, Autom Mate ensures the integrity and confidentiality of sensitive information while empowering users with the flexibility to create and manage credentials tailored to their specific requirements.

PreviousForgot PasswordNextWebhook & API

Last updated

Was this helpful?