# Credential Manager
{% hint style="info" %}
**Important Note:** The actions described here are visible only to **Org Administrators**. General users cannot access Credential Manager.
{% endhint %}
***
## Credential Manager: Overview
**Credential Manager (CM)** is your encrypted “digital locker” inside AutoRABIT.\
Store usernames, passwords, SSH keys, tokens, and certificates once, then reuse them across repositories and integrations without re-entering secrets each time.
Key benefits:
* Centralized, encrypted storage managed by ARM.
* Role-based sharing (global vs. private).
* Eliminates hard-coding credentials in jobs or scripts.
***
## Create a New Credential
1. Hover over **`Admin`** and click **`Credentials`**.
2. Click **Create Credential**.
3. In the pop-up, enter a **Credential name** and choose a **Credential Type**:
* **Username with Password**
* **SSH**
* **HashiCorp Vault**
* **SSH Certificate**
* **Application Token** (Enterprise only)
***
### Username with Password
Provide the service **username** and **password**. Choose a **Credential Scope**:
* **Global** – share with the team.
* **Private** – visible only to you.
***
### SSH
Upload or paste your **private key** (optionally protected by a passphrase). ARM stores the key and uses it for Git operations over SSH.
{% hint style="info" %}
* **Recommended** – SSH keys are more secure than user/password.
* Choose **Global** or **Private** scope.
* Paste or upload the private key file; ARM never exposes it in plain text.
{% endhint %}
***
### HashiCorp Vault
Add HashiCorp Vault credentials once; ARM can now generate a new **Vault Token** automatically via **AWS authentication** whenever the old token expires.
*For details, see the dedicated* [*HashiCorp Vault guide*](https://knowledgebase.autorabit.com/product-guides/arm-1/integration-and-plugins/hashicorp-vault#what-is-hashicorp-vault)*.*
***
### Authentication Using SSH Certificates
**SSH certificates** pair a public key with a signature from a trusted Certificate Authority (CA). A Git server that trusts the CA accepts any certificate signed by it.
* Upload the **certificate-signed key** while creating the credential.
* Supported for **GitHub Enterprise Cloud** orgs.
> **Limitation:** Available only for GitHub Enterprise Cloud.
***
### Application Token (for Enterprise Users Only)
Connect ARM to Jira via **Personal Access Token (PAT)** to meet enterprise compliance.
1. Select **Application Token** as **Credential Type**.
2. Paste the **PAT** generated in Jira.
3. Click **Save**.
{% hint style="warning" %}
**Important Note:** The **Application Token** credential type is **not supported for ARM CI Jobs**.\
It is intended only for **enterprise Jira integration** using a Personal Access Token (PAT).\
Do **not** configure Application Token as the credential type for CI Jobs. For CI Jobs, use supported SCM credentials (for example, **Username and Password or others**) instead.
{% endhint %}
Need PAT access? Email ****.\
How to create a PAT in Jira: [Atlassian docs](https://confluence.atlassian.com/enterprise/using-personal-access-tokens-1026032365.html).
***
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://knowledgebase.autorabit.com/product-guides/arm/arm-administration/user-management/arm-credential-manager.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
