# Credential Manager

{% hint style="info" %}
**Important Note:** The actions described here are visible only to **Org Administrators**. General users cannot access Credential Manager.
{% endhint %}

***

## Credential Manager: Overview <a href="#credential-manager-overview" id="credential-manager-overview"></a>

**Credential Manager (CM)** is your encrypted “digital locker” inside AutoRABIT.\
Store usernames, passwords, SSH keys, tokens, and certificates once, then reuse them across repositories and integrations without re-entering secrets each time.

Key benefits:

* Centralized, encrypted storage managed by ARM.
* Role-based sharing (global vs. private).
* Eliminates hard-coding credentials in jobs or scripts.

***

## Create a New Credential <a href="#create-a-new-credential" id="create-a-new-credential"></a>

1. Hover over **`Admin`** and click **`Credentials`**.

   <figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2FmZIj8euRmu4cPlHINT8C%2Fimage.png?alt=media&#x26;token=afeefa9b-4b3a-403c-81e3-7b55b3056345" alt="Admin menu with Credentials option highlighted" width="326"><figcaption></figcaption></figure>
2. Click **Create Credential**.

   <figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2FkoDLCCmTg37eBDY0dPUa%2Fimage.png?alt=media&#x26;token=2c6ccced-2fe8-49ab-b247-8c50ac6f477a" alt="Create Credential button"><figcaption></figcaption></figure>
3. In the pop-up, enter a **Credential name** and choose a **Credential Type**:
   * **Username with Password**
   * **SSH**
   * **HashiCorp Vault**
   * **SSH Certificate**
   * **Application Token** (Enterprise only)

***

### Username with Password <a href="#username-with-password" id="username-with-password"></a>

Provide the service **username** and **password**. Choose a **Credential Scope**:

* **Global** – share with the team.
* **Private** – visible only to you.

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2F1izvOnggnNG4zjkxc2w6%2Fimage.png?alt=media&#x26;token=69280679-ea0d-4e05-b696-e7a0b0a00ca3" alt="Username with Password credential form" width="563"><figcaption></figcaption></figure>

***

### SSH <a href="#ssh" id="ssh"></a>

Upload or paste your **private key** (optionally protected by a passphrase). ARM stores the key and uses it for Git operations over SSH.

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2FnwvA0oZE1KLdfkVaqo0j%2Fimage.png?alt=media&#x26;token=ca763fdd-0ea4-465d-a144-63fe56c9f17f" alt="SSH credential form with key upload" width="563"><figcaption></figcaption></figure>

{% hint style="info" %}

* **Recommended** – SSH keys are more secure than user/password.
* Choose **Global** or **Private** scope.
* Paste or upload the private key file; ARM never exposes it in plain text.
  {% endhint %}

***

### HashiCorp Vault <a href="#hashicorp-vault" id="hashicorp-vault"></a>

Add HashiCorp Vault credentials once; ARM can now generate a new **Vault Token** automatically via **AWS authentication** whenever the old token expires.

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2FgGFyzIW164PHG75hxkCs%2Fimage.png?alt=media&#x26;token=731f9510-d197-4db6-9a83-2b193de90537" alt="HashiCorp Vault credential form with AWS Auth option" width="563"><figcaption></figcaption></figure>

*For details, see the dedicated* [*HashiCorp Vault guide*](https://knowledgebase.autorabit.com/product-guides/arm-1/integration-and-plugins/hashicorp-vault#what-is-hashicorp-vault)*.*

***

### Authentication Using SSH Certificates <a href="#authentication-using-ssh-certificates" id="authentication-using-ssh-certificates"></a>

**SSH certificates** pair a public key with a signature from a trusted Certificate Authority (CA). A Git server that trusts the CA accepts any certificate signed by it.

* Upload the **certificate-signed key** while creating the credential.
* Supported for **GitHub Enterprise Cloud** orgs.

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2F0OGk5FPM8sVT0UtZgMJ0%2Fimage.png?alt=media&#x26;token=11f38fda-2b9e-49a9-bf01-4a6755e6cce1" alt="SSH Certificate credential form" width="563"><figcaption></figcaption></figure>

> **Limitation:** Available only for GitHub Enterprise Cloud.

***

### Application Token (for Enterprise Users Only) <a href="#application-token-for-enterprise-users-only" id="application-token-for-enterprise-users-only"></a>

Connect ARM to Jira via **Personal Access Token (PAT)** to meet enterprise compliance.

1. Select **Application Token** as **Credential Type**.
2. Paste the **PAT** generated in Jira.
3. Click **Save**.

<figure><img src="https://1912836914-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9vAxMuDrkUkB4OXlH9CL%2Fuploads%2FUHcZyZsHYlyGxB0bG0lG%2Fimage.png?alt=media&#x26;token=36abbb3c-6039-4868-9e9b-3ce4e9f3bd86" alt="Application Token credential form for Jira integration"><figcaption></figcaption></figure>

{% hint style="warning" %}
**Important Note:** The **Application Token** credential type is **not supported for ARM CI Jobs**.\
It is intended only for **enterprise Jira integration** using a Personal Access Token (PAT).\
Do **not** configure Application Token as the credential type for CI Jobs. For CI Jobs, use supported SCM credentials (for example, **Username and Password or others**) instead.
{% endhint %}

Need PAT access? Email **<support@autorabit.com>**.\
How to create a PAT in Jira: [Atlassian docs](https://confluence.atlassian.com/enterprise/using-personal-access-tokens-1026032365.html).

***