Credentials

Introduction

In OpsRamp, credentials play a vital role for secure access and management of resources in your IT environment. Credentials are sets of authentication details like usernames, passwords, keys that are used to connect to various resources in your platform.

OpsRamp supports a wide range of credential types like Application, SNMP, VMware, Windows (WMI), Linux OS - Agentless (SSH), and Nutanix.

Configuration and management of credentials is essential for a secure connection across your infrastructure and proper monitoring of IT resources.

Prerequisites

To create a credential set with a password vault, there should be an installed Password Management integration, like Hashicorp, ManageEngine Password Manager.

Permissions

Following are the permissions required to perform various tasks.

Category	Permission Type	Permission Value	Task
Account Administration	Credentials	View	To view Credentials card in Setup → Account.
	Credentials	Create	To create a credential.
	Credentials	View	To view a credential.
	Credentials	Edit	To update a credential.
	Credentials	Manage	To manage (create, update, and remove) a credential.

Note: This feature is available only at the client level.

Create a credential

Follow these steps to create a credential:

Click Setup → Account.
From Account Details screen, click Credentials tile.
Click +ADD. The ADD CREDENTIAL screen is displayed.

Enter the following information:

CREDENTIALS

Field Name	Field Type	Description
Credential Type	Dropdown	Select credential type as APPLICATION. Based on credential type selected, the input fields vary.
Name	String	Provide a name for the credential.
Description	String	Provide a brief description about the credential.
User Name	String	Enter the User Name.
Password Vault (Optional)	Checkbox	Select the checkbox. The Integrations and Policy Mapping dropdowns are displayed. All installed Password Management integrations are listed in the Integrations dropdown. Select integration from Integration dropdown. Select vault policy from Policy Mapping dropdown.
Password	String	Enter a strong password.
Confirm Password	String	Reenter the password.
Port	Integer	Enter port number.
Connection Timeout (ms)	Integer	Enter the connection timeout. Example: 10000.

Click SAVE. The credential is saved and listed on CREDENTIALS listing screen.

Follow these steps to configure credential types such as SNMP, Linux OS - Agentless (SSH), WINDOWS (WMI):

SNMP

For SNMP as credential type

Following are common steps for configuring credentials for SNMP versions v1 and v2.

Enter the following information in ADD CREDENTIAL screen:

Field Name	Field Type	Description
Credential Type	Dropdown	SNMP
Name	String	Provide a name for the credential.
Description	String	Provide a brief description about the credential.
SNMP Version	Dropdown	Select a version. Default is V1. Note: For Version V3, the input fields vary. For more information, see SNMP field values.
Port	Integer	Enter the port number. Default is 161. Agent receives requests on UDP port 161. For more information, see SNMP field values.
Community	String	Enter the community string. Default is public.
Password Vault (Optional)	Checkbox	Select the checkbox. The Integration and Policy Mapping dropdowns are displayed. All installed Password Management integrations are listed in the Integrations dropdown. Select integration from Integration dropdown. Select vault policy from Policy Mapping dropdown.
Connection Timeout(ms)	Integer	Specify the connection timeout in milliseconds.

Click SAVE. The credential is saved and listed on CREDENTIALS listing screen.

SNMP v3

SNMPv3 is a user-based security model. It provides secure access to the devices by combining authenticating and encrypting packets over the network. The security features provided in SNMPv3 are message integrity, authentication, and encryption.

To configure credentials for SNMP version v3:

Enter the following information in ADD CREDENTIAL screen:

Field Name	Field Type	Description
Credential Type	Dropdown	SNMP
Name	String	Provide a name for the credential.
Description	String	Provide a brief description about the credential.
SNMP Version	Dropdown	V3 See SNMP field values.
Port	Integer	SNMP Agent port. The default port is 161.
Context	N/A	Specify context name (an octet string) that identifies the collection of management information accessible by an SNMP entity.
SNMPV3 User Name	N/A	Enter the user name configured on the target device.
Security Level	Dropdown	Select an option. Based on the selection, the fields to enter will change. NOAUTHNOPRIV: Communication without Authentication and Privacy AUTHPRIV: Communication with Authentication and Privacy AUTHNOPRIV: Communication with Authentication and without Privacy
Authentication Protocol	MD5 SHA SHA224 SHA256 SHA384 SHA512	Authentication in an SNMPv3 uses an encryption algorithm to determine if the data is from a valid source. The encryption algorithms for authentication: Message Digest Algorithm: Generates a 128-bit (16 bytes) message digest. Secure Hash Algorithm: Generates a 160-bit (20 bytes) message digest. MD5: Message Digest 5 - Older hash function, less secure but still supported. SHA: SHA-1 – More secure than MD5, commonly used. SHA224: SHA-2 variant with 224-bit output. SHA256: Stronger SHA-2 variant with 256-bit output (recommended for higher security). SHA384: Even stronger SHA-2 variant. SHA512: Most secure in this list; used in environments requiring high-level security. Tip: Use SHA256 or higher if your device supports it and security is a concern. Use SHA or MD5 for compatibility with older devices.
Password Vault (Optional)	Checkbox	Select this checkbox to securely retrieve the SNMPv3 authentication credentials from the configured password vault. The Integration and Policy Mapping dropdowns are displayed. All installed Password Management integrations are listed in the Integrations dropdown. Select integration from Integration dropdown. Select vault policy from Policy Mapping dropdown.
Authentication Password	N/A	Enter the Authentication password.
Confirm Authentication Password	N/A	Re-enter authentication password for validation.
Privacy Protocol	AES-128 AES-192 AES-192-C AES-256 AES-256-C DES 3DES	Privacy in SNMPv3 uses an encryption algorithm to encode the contents of an SNMPv3 packet. This encoding is used to verify that the content cannot be viewed by unauthorized entities when routed over the network. Advanced Encryption Standard (AES 128) is a 128-bit standard, cryptographic algorithm that encrypts and decrypts data. Advanced Encryption Standard (AES 192) is a 192-bit standard, cryptographic algorithm that encrypts and decrypts data. AES-192 using Cisco-specific conventions – supported by some Cisco devices. Advanced Encryption Standard (AES 256) is a 256-bit standard, cryptographic algorithm that encrypts and decrypts data. AES-256 using Cisco-specific conventions – for Cisco compatibility. Data Encryption Standard (DES) is a 64-bit standard that encrypts and decrypts data. Triple DES – applies DES three times for improved security, but less efficient than AES.
Privacy Password	N/A	Enter the privacy password.
Confirm Privacy Password	N/A	Re-enter authentication password for validation.
Connection Timeout(ms)	N/A - Default value: 1000 milliseconds	Provide a maximum time period for discovery. If the gateway does not get a response from the device after 1000 milliseconds, it terminates the discovery.

Click SAVE. The credential is saved and listed on CREDENTIALS listing screen.

Linux OS - Agentless (SSH)

For Linux OS - Agentless (SSH) as credential type

Enter the following information in CREDENTIALS screen:

Field Name	Field Type	Description
Credential Type	Dropdown	SSH
Name	String	Provide a name for the credential.
Description	String	Provide a brief description about the credential.
Authentication Type	Dropdown	PASSWORD or KEYPAIR types are available. For PASSWORD: Enter username, password, and reenter password in the User Name, Password, and Confirm Password fields. For KEYPAIR: Enter username in the User Name field. Upload a file through the Upload via file option or provide a link through the Already has a link option. Enter passphrase in the SSH Key Passphrase field. To ensure that you have typed the correct passphrase, click the eye icon to view the passphrase that you entered. Reenter the passphrase in Confirm SSH Key Passphrase field. To ensure that you have typed the correct passphrase, click the eye icon to view the passphrase that you entered.
Password Vault (Optional)	Checkbox	Select the checkbox. The Integration and Policy Mapping dropdowns are displayed. All installed Password Management integrations are listed in the Integrations dropdown. Select integration from Integration dropdown. Select vault policy from Policy Mapping dropdown.
Secure	Checkbox	Select this checkbox to enable secure connection.
Port	Integer	Enter the port number. Default is 22.
Connection Timeout(ms)	Integer	Specify the connection timeout in milliseconds. Example: 10000

Click SAVE. The credential is saved and listed in CREDENTIALS listing screen.

WINDOWS (WMI)

For Windows (WMI) as credential type

Enter the following information in CREDENTIALS screen:

Field Name	Field Type	Description
Credential Type	Dropdown	WINDOWS
Name	String	Provide a name for the credential.
Description	String	Provide a brief description about the credential.
Domain Name	String	Enter domain name. Example: Administrator
User Name	String	Enter username.
Password Vault (Optional)	Checkbox	Select the checkbox. The Integration and Policy Mapping dropdowns are displayed. All installed Password Management integrations are listed in the Integrations dropdown. Select integration from Integration dropdown. Select vault policy from Policy Mapping dropdown.
Password	String	Enter the password. To ensure that you have typed the correct password, click the eye icon to view the password that you entered.
Confirm Password	String	Reenter the password. To ensure that you have typed the correct password, click the eye icon to view the password that you entered
Connection Timeout(ms)	Integer	Specify the connection timeout in milliseconds. Example: 10000

Click SAVE. The credential is saved and listed in CREDENTIALS listing screen.

Similarly, configure credential set for other credential types like Application, CiscoUCS, Nutanix, VMware, XEN.

Manage credentials

Follow these steps to navigate to the CREDENTIALS listing screen:

Click Setup → Account.
From Account Details screen, click Credentials tile. The CREDENTIALS listing screen is displayed.

You can perform the following actions:

Action	Steps
Search	To search for a credential: Click the search icon in CREDENTIALS screen. Enter credential name in the search box. The search result is displayed.
Filter	You can filter credentials by credential type: Click All Types dropdown in CREDENTIALS screen. Select credential type(s). The filter result is displayed.
View and Edit	To view or edit credential information: Search for the credential. Hover the mouse over the credential name and click action (three dots) icon. Select View. Make the required changes. Credential Type field is not editable. Click SAVE. The credential details are updated, and a confirmation message is displayed.
Copy Credentials	Note: This option is visible only if the Show Copy Clipboard option is enabled in Account Settings of the client. You should have "View Credential" permission to copy the credentials. To copy a credential: Search for the credential. Hover the mouse over the credential name and click action (three dots) icon. Select Copy Credentials. The credentials are copied to the clipboard and a confirmation message appears. If Two-Factor authentication is enabled, you have to enter the code or key (based on the authentication methods) to validate the authentication. After successful validation, the credential is copied. A confirmation message appears.
Unassign resources	To unassign resource(s) from a credential: Search for the credential. Click the number in the Resources column to view the list of resources assigned to the credential. The ASSIGNED RESOURCES window is displayed. Search for the resource and select the checkbox next to it. You can also select the resources directly in the window. Click UNASSIGN RESOURCES. The resource is unassigned and a confirmation message appears.
Remove	To remove a credential: Search for the credential. Hover the mouse over the credential name and click action (three dots) icon. Select Remove. From the confirmation dialog box, click REMOVE. The credential is removed, and a confirmation message is displayed.