This article provides an overview of how authentication data is categorized and managed within the main appliance.

Security management is split into two distinct categories based on their functional purpose. Understanding this distinction is critical for maintaining a secure and organized inventory:

• Passwords: These credentials specifically relate to user accounts that grant access to the main appliance. These are used by your IT team members to log in, manage resources, and perform administrative tasks.

• Secrets: These are passwords and credentials stored for the purpose of authentication during discovery and other automated tasks. When you configure a scan for a Windows, *nix, or database target, the credentials used to gain access to those remote systems are classified as Secrets.

Key management areas

You can manage the following password and secret operations to ensure compliance with your organization's security standards:

Password policy and security

• Credential Policy: Define complexity requirements, rotation schedules, and expiration rules for both internal users and discovery secrets.

• Secret Permissions: Configure granular access control to determine which users or groups can view, use, or edit specific secrets.

Operations and reporting

• Password Reporting: Generate audits and reports to track credential usage, identify expired passwords, and maintain a history of access events.

• Burnt Secret Storage: Securely manage and store "burnt" or retired secrets that are no longer in active use but must be retained for audit trails or historical recovery.

Use the following links and sections to navigate to specific credential management tasks:

• Creating Secrets: Add new credentials to be used by discovery jobs.

• Managing User Accounts: Update and rotate passwords for team members.

• Access Auditing: Review the logs to see which discovery jobs or users accessed specific credentials.