Credentials
The Credentials module provides a secure vault for storing and managing passwords, API keys, and other authentication credentials for your clients.
Overview
Securely manage:
- Website logins
- Application passwords
- API keys and tokens
- SSH keys
- Service account credentials
- Admin passwords
Security
Credentials in Ascent are:
- Encrypted at rest - AES-256 encryption
- Access controlled - Role-based access
- Audit logged - All access is recorded
- Securely transmitted - TLS encryption
Viewing Credentials
Navigate to Assets → Credentials to see stored credentials.
Credential List
The list shows:
- Credential name
- Client
- Username
- URL
- Associated assets
Note: Passwords are never shown in the list view.
Adding a Credential
- Click + Add Credential
- Enter credential details:
- Name - Descriptive name (e.g., "Client Portal Admin")
- Client - Owner of the credential
- Type - Password, API Key, SSH Key, etc.
- Username - Login username
- Password - The secret (encrypted)
- URL - Where this credential is used
- Optional information:
- Associated asset
- Notes
- Expiration date
- Click Save
Credential Types
| Type | Description |
|---|---|
| Password | Standard username/password |
| API Key | API authentication token |
| SSH Key | SSH public/private key pair |
| Certificate | Client certificate |
| Token | OAuth or bearer token |
| Other | Misc. credentials |
Viewing Credentials Securely
To view a stored password:
- Open the credential detail page
- Click Reveal Password
- Password is shown temporarily
- Click to copy to clipboard
- Password auto-hides after a few seconds
All credential views are logged.
Credential Detail Page
Information
- Name and type
- Client association
- Username and URL
Password/Secret
- Click to reveal (with logging)
- Copy to clipboard
- Change password
Usage
- Associated assets
- Who has accessed
Audit Log
- All access events
- Changes made
Password Generation
Generate secure passwords:
- Click Generate Password
- Configure options:
- Length (12-64 characters)
- Include uppercase
- Include numbers
- Include symbols
- Use the generated password
Linking to Assets
Associate credentials with assets:
- Server admin passwords
- Device login credentials
- Application accounts
When viewing an asset, you can see its linked credentials.
Access Control
Control who can view credentials:
- Full Access - Can view and edit
- Limited Access - Can view only
- No Access - Cannot see at all
Configure per-role or per-user.
Audit Trail
All credential activity is logged:
- Who viewed the credential
- When it was viewed
- Changes made
- From what IP address
Best Practices
- Use strong passwords - Use the generator
- Rotate regularly - Update passwords periodically
- Limit access - Only grant access when needed
- Review audit logs - Monitor for unauthorized access
- Document purpose - Clear names and notes
- Link to assets - Know what uses each credential
- Enable 2FA - Where possible, use MFA