Credential and Access Management

Credential

A credential consists of two parts: a common part for all users stored in the credentials table and a unique part for each user it has been shared with, stored in the fields table.

The credentials table contains the following relevant fields:

id (primary key)
name
description
credential_type
folder_id (foreign key referencing the folders table)
domain

The fields table contains all the relevant parts of the credentials, including:

id (primary key)
field_name
field_value
field_type
credential_id (foreign key referencing the credentials table)
user_id (foreign key referencing the users table)

The fields table can have multiple rows for sensitive and metadata fields. Sensitive details are always handled with care and are fetched only when required, while metadata is loaded when a user clicks on a folder.

Credential Types

Currently there are two types of Credentials:

Login Which is used to login to websites
Other Which includes all other types of Credentials like database, api-key etc.

Access Management

The access to credentials is inferred from the credential_access table, and only the credentials that a user has access to are fetched.

The credential_access table contains the following relevant fields:

id (primary key)
credential_id (foreign key referencing the credentials table)
user_id (foreign key referencing the users table)
access_type (manager/reader)
group_id (foreign key referencing the groupings table)
folder_id (foreign key referencing the folders table)

Access to a credential can be granted through:

Direct sharing of the credential to a user
Direct sharing of a folder containing the credential
Sharing the credential to a group
Sharing a folder containing the credential to a group

By using the credential_access table, the system ensures that users can only access the credentials they have been granted permission to view or modify.