Credentials

The Credentials page provides a single place to store any secure credentials needed by runZero, including:

  • SNMPv3 credentials
  • Access secrets for cloud services like AWS and Azure
  • API keys for services such as Censys and Miradore

Credentials are stored in encrypted form in the runZero database. Credentials, such as SNMP passwords, are used by runZero Explorers and are transmitted to them in encrypted form. For security reasons, the secret part of any credential cannot be viewed once entered.

When adding a credential, you can choose to make it a global credential that can be used for all organizations or to allow access only by specific organizations. The Allow all or Disallow all buttons let you quickly apply the same setting across all organizations. Individual organizations can also be toggled to allow or disallow access.

Credential options

The specific fields and options for a credential depend on the type of credential.

VMware and SNMP credentials, which are used by the runZero Explorer, allow a CIDR allow list to be specified. This can be used to limit which scanned IP addresses the credential will be used with. This feature allows you to avoid sending SNMP or VMware credentials to all scanned hosts on the network, and instead limit them to specific IP addresses or ranges.

Credential management

Users must have administrator-level permissions to manage credentials. Users with Administrator as their default role can fully manage all credentials. Users with per-organization permissions do not have access to global credentials, and are only able to manage credentials in organizations where they have administrator permissions. A shared credential cannot be deleted by an organization administrator.