It is a common requirement to need to include sensitive information such as API tokens and passwords in agent options blocks. As other users can see agent configurations, Tines provides the credential widget which allows for the use of placeholders in agent options blocks. When an agent containing a credential widget runs, Tines will replace the credential widget with its corresponding user credential. This means that sensitive data does not need to be stored in plaintext in the options block.

Tines supports the following types of credentials:

Creating a Credential

From the credentials page, select “New credential”. You will then be prompted to choose the credential type.

User Credential Storage

All user credentials are stored using strong symmetric encryption, namely: AES in Galois/Counter Mode with a 256-bit key (AES-256-GCM). Each Tines tenant uses unique encryption keys.

Security Considerations when using User Credentials

It is important to note that while user credentials and the credential widget dramatically increase the security of secret information in Tines, like all security solutions, they are not absolute. For example, if Tines is interacting with a 3rd-party service, it is possible the service, depending on its operation, may include the user credential’s value in its response, which Tines will then include in an emitted event.