Configure Credential Providers

Securely store and inject passwords and SSH keys into your remote sessions using a Vault-compatible backend.

Credential management allows you to hide credentials from end users and automate logins for Web interfaces (RBI) or servers (Bastion).

Accessing Credential Providers

Navigate to the verified_user Admin Area > key Credentials and select enhanced_encryption Credential Providers.

The page displays a list of your vaults and their current lock status.

Credential providers list

General view of credential provider management.

Configuring a Credential Provider

Connect Reemo to a Vault instance to host your credentials.

  1. On the Credential Providers page, click add New Provider.

  2. Choose the tab corresponding to your infrastructure:

Use the Vault instance natively managed by Reemo.

  1. Enter the Name.

  2. Choose the Visibility:

    • Public: Available to all organizations.

    • Private: Must be explicitly assigned to specific organizations.

  3. Check the Internal Vault box.

  4. Click Create.

Unsealing and Testing the Vault

Make the vault operational if it is locked due to a restart or a security policy.

"Sealed" (red) status badge on a credential provider row
  1. Locate the Sealed (red) status on your provider.

  2. Click Unseal and enter your Unseal key. Repeat this process if multiple keys are required by your security configuration.

  3. Once the status turns to Operational (green), click Test.

Tip

Hovering over the tag displays the unseal progress (e.g., “Threshold 3 - Shares 5 - Remaining 2”).

Unseal progress tooltip shown when hovering over the tag

A Success tag confirms that the connection between Reemo and the vault is active.

Credential provider with "Operational" (green) status and "Success" test result

Defining and Mapping Credentials

Create your credentials and map them to your organizations or container profiles.

Creating a Credential

From the providers list, click the name of your vault, go to the Credentials tab, then click New Credential. Follow the same steps as Create a Credential — the Provider field will be pre-filled automatically with this vault.

Mapping a Private Provider to an Organization

If you configured your provider or credential as Private, you must explicitly authorize it for the target organization.

Note

Ensure that your credential provider is currently enabled before attempting to map it.

  1. Navigate to verified_user Admin Area > dashboard General > domain Organizations and select the target organization.

  2. Go to the admin_panel_settings Administration tab > enhanced_encryption Credential Providers.

  3. Click add Add Private Provider.

  4. Select the provider from the pop-up window, then click Save.

See also

Assign a Credential to a Container Profile — as an instance administrator, go to Organizations > select the relevant organization first, then follow the same steps.

Managing a Credential Provider

To edit, enable/disable, or delete a provider, click its name in the Credential Providers list.

Warning

Deleting a provider is permanent. Two conditions will block deletion:

  • One or more credentials are linked to the provider — delete all credentials associated with this provider first.

  • A container profile uses a credential from this provider — dissociate the credential from the profile first, then delete the credential.

Once both conditions are resolved, deletion becomes possible.

  1. Edit: Click edit Edit to change the name, visibility, or connection settings.

  2. Status: Use the link Enable or link_off Disable buttons to change the provider’s availability.

  3. Delete: Access the Delete tab and confirm the action.