Skip to content

Credential and Access Management

Credential

A credential consists of two parts: a common part for all users stored in the credentials table and a unique part for each user it has been shared with, stored in the fields table.

The credentials table contains the following relevant fields:

  • id (primary key)
  • name
  • description
  • credential_type
  • folder_id (foreign key referencing the folders table)
  • domain

The fields table contains all the relevant parts of the credentials, including:

  • id (primary key)
  • field_name
  • field_value
  • field_type
  • credential_id (foreign key referencing the credentials table)
  • user_id (foreign key referencing the users table)

The fields table can have multiple rows for sensitive and metadata fields. Sensitive details are always handled with care and are fetched only when required, while metadata is loaded when a user clicks on a folder.

Credential Types

Currently there are two types of Credentials:

  • Login Which is used to login to websites
  • Other Which includes all other types of Credentials like database, api-key etc.

Access Management

The access to credentials is inferred from the credential_access table, and only the credentials that a user has access to are fetched.

The credential_access table contains the following relevant fields:

  • id (primary key)
  • credential_id (foreign key referencing the credentials table)
  • user_id (foreign key referencing the users table)
  • access_type (manager/reader)
  • group_id (foreign key referencing the groupings table)
  • folder_id (foreign key referencing the folders table)

Access to a credential can be granted through:

  • Direct sharing of the credential to a user
  • Direct sharing of a folder containing the credential
  • Sharing the credential to a group
  • Sharing a folder containing the credential to a group

By using the credential_access table, the system ensures that users can only access the credentials they have been granted permission to view or modify.