Credential management

Boundary supports credential management using credential stores. There are two types of credential stores: Static and Vault credential stores. During the adoption phase you will focus on using Static credential store. Static credential stores are built into Boundary and only store static credentials like username and password, or keypairs.

You can find how to configure a static credential store following this guide.

Credential brokering

Credential brokering is a workflow, where Boundary retrieves credentials from a credentials store and presents them to the end user. The end user then enters the credentials into the session when prompted.

You can attach brokered credentials to either TCP or SSH targets. Brokered credentials can take the form of a token, username and password, SSH private key, certificate, JSON blob, or an unstructured secret stored in Vault, for example.

You can find how to configure targets with credential brokering following this guide.

Useful resources

The following resources help you to implement, troubleshoot and resolve Credential Brokering related issues.

• Credential Management Docs
• Credential Management Tutorials