Question 1

How are credentials encrypted in ConnectMyAssets?

Accepted Answer

All credentials stored in the Vault are encrypted with RSA-2048. Encryption happens immediately on entry, using your public key. The private key never leaves your infrastructure, meaning not even ConnectMyAssets can decrypt the stored credentials. This end-to-end encryption model ensures that even in the event of a platform breach, plaintext credentials are never exposed.

Question 2

Do network engineers ever see the passwords stored in the Vault?

Accepted Answer

No. Credentials are fully encrypted and hidden at all times. Operators never see passwords: they are used transparently at connection time. When a user accesses a device through the ConnectMyAssets Bastion, the credential is injected on-the-fly directly from the Vault without ever being displayed. This zero-exposure model means even an operator with device access cannot exfiltrate the credential itself.

Question 3

Can I scope credentials to specific devices or IP ranges?

Accepted Answer

Yes. Each credential set in the Vault can be scoped to specific devices, vendors, or CIDR ranges, applying the principle of least privilege. An automation task or backup job only ever uses the credential it is explicitly authorized for. There is no possibility of accidentally using a high-privilege credential on a device where it should not be used.

Question 4

How does credential rotation work?

Accepted Answer

When you update a credential in the Vault, all dependent automation tasks, backup jobs, and Bastion sessions automatically use the new credential without any manual intervention. This central update model eliminates the need to hunt down every script or job that references a rotated password, reducing the risk of using stale credentials in production.

Question 5

Is there an audit log for credential access?

Accepted Answer

Yes. Every use of a credential from the Vault is logged with the automation task or session that used it, the target device, the initiating user, and a timestamp. This audit trail supports security reviews, incident investigation, and compliance requirements such as PCI-DSS and ISO 27001 that mandate traceability of privileged access.

Credential Vault

Secrets Belong in a Vault

RSA Encryption

On-Premise

Zero Exposure

Scoped Access

Rotation Support

Audit Trail

How It Works

Add Credentials

Assign to Devices

Never Touch Again

Frequently Asked Questions

Secrets Belong in a Vault