How to manage Target Authentication credentials in Snyk API & Web

Learn how to manage and rotate credentials to ensure secure, reusable authentication across your targets

Written by Natalia Yurchenko

The Credentials Manager is a centralised hub designed to simplify how you handle target authentication data across your Snyk API & Web account. Instead of re-entering the same sensitive information for every target, you can now manage them in one secure location.

Using the Credentials Manager simplifies the password rotation process and improves security for sensitive credentials.

The Credentials Manager is an evolution of the Secrets Obfuscation feature.


Centralising Credentials

To add a new Credential to your account:

  1. Navigate to the Credentials section in your account settings.

  2. Click Add Credential.

  3. Decide if the Credential is sensitive. Values of sensitive credentials are permanently hidden from all users, but can be updated.

  4. Choose the scope of the Credential. Credentials can be scoped to the entire account or restricted to users from specific teams. Account-wide credentials can be used by everyone in the account.

  5. Optionally, add a Credential Description. Add whatever relevant information your team would need to understand when to use this credential.

Linking Credentials to a Target

Once a Credential is created, you can link it to any target:

  1. Go to the Target Settings for the specific application you want to scan.

  2. In the authentication or header configuration section, select the option to Link from Credentials Manager.

  3. Choose the appropriate Credential from the dropdown list.

Where you can use Credentials

You can securely store sensitive information in several areas across Snyk API & Web. Look for the Add Credential icon in the following locations:

  • Target Settings > Authentication: Login Form fields, Custom Variables for Login Sequences, Authentication Payloads, Static Headers/Cookies, Basic Auth Login/Password.

  • Target Settings > Scanner: Custom Headers and Cookies, API Parameter Custom Values, Postman Environment Values.

  • Target Settings > Extra Hosts: Custom Headers and Cookies.

Setting Permissions and Scope

Access to Credentials is based on your user role and assigned permissions:

  • Update Target Configuration: Users with this permission can create a Credential and use it within their specific targets.

  • Manage Credentials: This is a new permission level. Users with this role can create, view, update, and delete Credentials across the account or team, even if the Credential was created by someone else. Check this article for more information about Permissions.

  • Scoped Credentials: Credentials can be scoped to the entire account or restricted to users from specific teams.

Transitioning from Obfuscated Values

The Credentials Manager represents an evolution of Secret obfuscation:

  • Obfuscation Toggle: Upon the release of the Credentials Manager, the option for account owners to turn obfuscation ON or OFF will be hidden, as centralised management becomes the new standard for sensitive data.

  • Existing Configurations: All existing configurations will be kept and continue working as usual. You can keep them as they are or replace them with Credentials, which we recommend.

  • Obfuscated Values: If the value was previously obfuscated, it cannot be retrieved. To create new Obfuscated values, use Sensitive Credentials.
