Access Credentials are used to connect to VGS to send data to third parties via outbound routes.
Access Credentials are automatically generated when your vault is created. To help ensure security, credentials are never stored in plaintext within VGS' systems. When Access Credentials are generated you will be prompted to download them.
Be sure to store a copy securely. If you lose these credentials or they are compromised, you may generate a new set via the dashboard.
In the Vault Settings page, admins can see the list of all access credentials, as well as generate additional sets of credentials.
For each credential, the following information is displayed:
- username - a randomly generated string used to identify the credentials. This value is not sensitive.
- created at - the date the credentials were generated.
- status - signifies whether the credentials are active or inactive.
Access Credentials are automatically created for the user when a vault is created. To help ensure security, credentials are never stored in plaintext within VGS systems. When Access Credentials are generated you will be prompted to download them. If you lose these credentials you can generate a new pair via the settings page for your vault.
Access Credentials can be generated and read only by organization admins.
Please note that the credential’s secret can be downloaded only at the time of generation.
Rotating credentials is a security best practice as it shortens the period access credentials can be used. This also reduces any possible business impact if they are compromised.
Remember to always check whether the new credentials are active and working before you delete your current credentials. You cannot retrieve your credentials once they are deleted.
How to rotate your credentials:
- Go to your vault on VGS Dashboard, select vault Settings and find Access Credentials section. Each vault has at least one set of access credentials by default. In order to perform rotation you’d need at least two. To add a new set of credentials click on “Generate Credentials”. This will show newly generated username/password pair. Store these credentials securely on within your environment .
- You should now have 2 active credentials for your vault. You need to make sure to distribute new username/password pair to all applications which use VGS.
- At this point you need to change the status of old credentials to “Inactive”. This will disable credentials in a way that they couldn’t be used for outbound traffic anymore .
- Make sure to validate all applications are working. In case everything is working as expected feel free to go to step 5. If anything has broken by mistake, for example you forgot to update one of applications using VGS vault, you can quickly make them “Active” again and go back to step 2.
- After you’ve verified everything is working it’s safe to delete old credentials. Deleted credentials cannot be restored. That’s why VGS asks for additional confirmation before they’re deleted .