Vault
Last updated
Last updated
The Vault feature in Autom Mate allows for the secure management of credentials required for various processes initiated by applications or users. This documentation outlines the processes involved in creating, managing, and requesting access to credentials within the Vault.
AES-GCM Symmetric Encryption: Applied for storing vault data, access and refresh tokens, and custom credentials. Encryption uses a 36-character secret key, ensuring data security during storage.
bcrypt genSaltSync Hashing: Employed for one-way hashing, such as user passwords, with a salt value of 8. This method ensures password security by creating a unique hash that cannot be reversed.
App Credentials are specific credentials created within the system for the purpose of establishing connections required by applications. Users with the necessary permissions can manage these credentials, including creating new ones, editing existing ones, or deleting redundant ones.
Authentication Types refer to the methods utilized for verifying the identities of users or systems. They play a vital role in enforcing security controls and access permissions. Within Autom Mate, the App Credential section supports the following authentication types:
OAuth (Open Authorization): An open standard for secure authentication and authorization, commonly used for granting limited access to resources without exposing user credentials.
OAuth 2.0: A streamlined and secure version of OAuth, widely used in modern web and mobile applications for authorization and authentication.
Basic Authentication: Simple method of sending a username and password with each HTTP request. Considered less secure due to the transmission of credentials as plain text.
API Key: Unique identifier used to authenticate requests made to a web service or API.
Access Token: A string of characters in OAuth 2.0 used for representing authorization granted to a client application.
Users can designate a specific credential as the default for an application. This ensures that the designated credential is automatically used when interacting with the application.
Note: Understanding OAuth Refresh Tokens and Scope
In OAuth, the refresh token is essential for maintaining long-term access without requiring the user to re-authenticate frequently. The offline_access scope is typically used to ensure that the authorization server provides a refresh token along with the access token. If the refresh token is not provided, the OAuth flow may fail, resulting in errors.
Access Tokens:
Access tokens usually have a limited lifespan (e.g., 1 hour).
Once the access token expires, it cannot be used to access protected resources.
Refresh Tokens:
A refresh token is used to obtain a new access token once the current one expires.
Refresh tokens allow the application to maintain access without repeatedly prompting the user for authentication.
The offline_access scope requests that the authorization server issues a refresh token in addition to the access token.
This scope is used when the client application needs to perform actions on behalf of the user for an extended period.
It is not mandatory for the offline_access scope to be included, as some products can return a refresh token without any scope specified. However, if the option is available, it should be utilized to ensure a refresh token is received.
If the offline_access scope is not included and the authorization server does not provide a refresh token, the OAuth flow may fail.
This failure can cause the application to repeatedly prompt the user for authentication or disrupt ongoing processes.
Specifically, the absence of a refresh token can result in an invalid_client error, indicating that the OAuth process could not be completed successfully.
When setting up OAuth authorization, it is important to include the offline_access scope in your authorization request, if available, to ensure you receive a refresh token from the authorization server. This will allow you to maintain seamless access without frequent re-authentication.
Custom Credentials are specialized credentials used by bots or specific users. Developers can select these credentials when designing flows, and users can request access to credentials created by others.
Credential Name
Credential Description
Variable Name: Name of the specified variable.
Variable Description: Description of the variable.
Variable Value: Definition of the variable.
Is Masked?: Masks the value of a confidential variable.
Click "+" to include additional variables.
To edit your credentials, navigate pencil icon that is located under actions click on it.
To delete a single credential, click on the square icon next to the credential in the list, then click the trash can icon in the upper right corner. For bulk deletion, select multiple credentials using the square icon on the far left of the title section, then click the trash can icon.
This documentation provides a comprehensive guide to effectively manage credentials within the Autom Mate Vault, ensuring secure and efficient application processes. For further assistance, please refer to the relevant sections or contact the system administrator.
Custom Credential Management
When users create custom credentials within the Autom Mate Vault, these credentials are tailored to their specific needs and are accessible only to the user who created them. This user-centric approach ensures that sensitive credential information remains securely within the control of its owner and is not shared across accounts.
For instance, if User 1 creates a custom credential named "custom1", it will be visible and accessible only to User 1 within their Vault. When User 2 logs in to the system and attempts to access "custom1", it will not appear in the Vault page, as custom credentials are inherently tied to the user who created them.
This user-based segregation of custom credentials enhances security and privacy, preventing unauthorized access and ensuring that each user has exclusive control over their own set of credentials. Therefore, custom credentials cannot be shared between accounts and remain strictly within the ownership and purview of the creating user.
By adhering to this principle of user-centric credential management, Autom Mate ensures the integrity and confidentiality of sensitive information while empowering users with the flexibility to create and manage credentials tailored to their specific requirements.