Manage your credentials | Fluid Attacks Help

Manage your credentials

Fluid Attacks requires your organization to provide credentials to access the repositories to be tested. Alternatively, your organization can allow access to repositories via Open Authorization (OAuth), eliminating the need to provide credentials. Both actual credentials (e.g., username and password pairs) and connections made with OAuth are registered in the Credentials section on Fluid Attacks' platform. From there, you can also begin the connection via OAuth to the supported providers, which are GitHub, GitLab, Bitbucket, and Azure.

View organization credentials table

Role requirement info
Role required: User, Vulnerability Manager or User Manager

The table in the Credentials section shows the credentials stored for use across the organization, meaning that they are accessible to all groups within the organization.

Credentials table
The table provides the following information:
  • Name: The unique identifier for the credential.
  • Type: The authentication method, which can be one of the following:
    • User and password: The classic combination of username and password
    • SSH: A secure key used for accessing remote systems, similar to a password but more secure
    • Access token: A Personal Access Token used for authentication with Azure DevOps
    • AWSROLE: Allows Fluid Attacks to assume an Identity and Access Management (IAM) role in your AWS account
    • OAUTH: Used for delegated authorization to grant Fluid Attacks access to your repositories on supported providers (GitHub, GitLab, Bitbucket, and Azure)
  • Owner: The email of either the person who registered the credentials on the platform or the last person who edited them
  • Status: Whether credentials are associated with repositories under evaluation by Fluid Attacks and, if so, which repositories

Add credentials

Role requirement info
Role required: User Manager

If you wish to connect Fluid Attacks' platform with an account on  a supported code repository hosting provider, refer to the instructions at Import repositories fast and safely with OAuth.

Info on permissions
Ensure that the provider (Azure, GitLab, GitHub, or Bitbucket) allows third-party applications (like Fluid Attacks platform) to access your repositories via OAuth.
If not going for OAuth this time, follow these steps to add new credentials to use across your organization:
  1. Go to the Credentials section.

  2. Click on Add credential.

  3. Choose Add manually.
    4. Add credentials on the Fluid Attacks platform

  4. In the pop-up window, enter a unique credential name and select the credential type. (Read below what extra steps to follow if you are choosing an AWS role.)
    5. Provide credentials details on the Fluid Attacks platform

  5. Provide the relevant credentials and click on Add. The new credentials are then added to the table.
    6. View added credentials on the Fluid Attacks platform

In case you choose to grant Fluid Attacks access through cross-account IAM, you are asked for the Amazon Resource Name (ARN) of the role. Therefore, you need to follow these extra steps:

  1. In the pop-up window, copy the external ID provided by Fluid Attacks.
    2. Get external ID for IAM role on the Fluid Attacks platform

  2. Create an IAM role including the external ID. To learn how to do this, read the corresponding instructions in Set up an AWS integration.

Note on having several AWS accountsNote: If your organization has multiple AWS accounts, you can create the IAM role in each account and provide the corresponding ARN when adding credentials.

Edit credentials

Role requirement info
Role required: User Manager

Do the following to edit existing credentials:
  1. Go to the Credentials section.

  2. Select the credentials and click on Edit.
    3. Edit credentials on the Fluid Attacks platform

  3. In the pop-up window, make the desired changes and, if needed, turn on the toggle that says New secrets to enable editing them.
    4. Change credentials secrets on the Fluid Attacks platform

  4. Click Edit to apply the changes.
Note on editing secrets
Note: If you edit credentials secrets, you are the new owner of the credentials in question. 

Remove credentials

Role requirement info
Role required: User Manager

Bear in mind the following considerations about removing credentials:
  1. Removing credentials also removes them from all associated Git roots.
  2. Removing a member from the organization removes their credentials from the organization.
These are the steps to delete credentials:
  1. Access the Credentials section.

  2. Select the credentials and click on Remove.
    3. Remove credentials on the Fluid Attacks platform

  3. Confirm the removal in the warning window.
    4. Confirm credentials removal on the Fluid Attacks platform

Search the credentials table

Role requirement info
Role required: User, Vulnerability Manager or User Manager

You can filter the credentials table by using the search bar. You can search by the contents of Name, Type, and Owner. Just type what you are looking for and only the rows whose content match your search are shown.
Search credentials on the Fluid Attacks platform

Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.