Credential and Access Management
Credential
A credential consists of two parts: a common part for all users stored in the credentials
table and a unique part for each user it has been shared with, stored in the fields
table.
The credentials
table contains the following relevant fields:
id
(primary key)name
description
credential_type
folder_id
(foreign key referencing thefolders
table)domain
The fields
table contains all the relevant parts of the credentials, including:
id
(primary key)field_name
field_value
field_type
credential_id
(foreign key referencing thecredentials
table)user_id
(foreign key referencing theusers
table)
The fields
table can have multiple rows for sensitive and metadata fields. Sensitive details are always handled with care and are fetched only when required, while metadata is loaded when a user clicks on a folder.
Credential Types
Currently there are two types of Credentials:
Login
Which is used to login to websitesOther
Which includes all other types of Credentials like database, api-key etc.
Access Management
The access to credentials is inferred from the credential_access
table, and only the credentials that a user has access to are fetched.
The credential_access
table contains the following relevant fields:
id
(primary key)credential_id
(foreign key referencing thecredentials
table)user_id
(foreign key referencing theusers
table)access_type
(manager/reader)group_id
(foreign key referencing thegroupings
table)folder_id
(foreign key referencing thefolders
table)
Access to a credential can be granted through:
- Direct sharing of the credential to a user
- Direct sharing of a folder containing the credential
- Sharing the credential to a group
- Sharing a folder containing the credential to a group
By using the credential_access
table, the system ensures that users can only access the credentials they have been granted permission to view or modify.