Create Managed Credentials

In Tenable.io, you can use credentials to grant a scanner local access to scan a target system without requiring an agent. Configuring credentialed scans allows Tenable.io to perform a wider variety of checks than non-credentialed scans, which can result in more accurate scan results.

With managed credentials, you configure and store these credentials centrally in the credential manager, instead of configuring and storing the credentials in specific scans.

To create managed credentials:

  1. Determine which credential settings you want to use.
  2. (Optional) Use the POST /credentials/files endpoint to upload any file needed for a specific setting (for example, a private key file for SSH credentials). Be sure to retain the fileuploaded value from the response message to use in the credentials creation request.
  3. Construct a request for the POST /credentials endpoint.

Example Request Body: Windows Credentials

The following is an example of JSON request body for creating Windows host credentials:

{
    "name": "Standard Windows",
    "description": "Template Windows credentials for Columbia, MD office devices",
    "type": "Windows",
    "settings": {
        "domain": "",
        "username": "[email protected]",
        "auth_method": "Password",
        "password": "aJ^deq34Rc"
    },
    "permissions": [
        {
            "grantee_uuid": "72edb588-da98-43fb-9c59-8ad7bb0d336f",
            "type": "user",
            "permissions": 64,
            "name": "[email protected]"
        }
    ]
}

Example Request Body: SSH Credentials

The following is an example of JSON request body for creating SSH certificate credentials.

In this example, the fileuploaded values from the POST /credentials/files response messages you submitted are ssh_user_cert and ssh_private_key.

{
    "name": "Standard SSH",
    "description": "Template SSH credentials for Columbia, MD office devices",
    "type": "SSH",
    "settings": {
        "auth_method": "certificate",
        "username": "[email protected]",
        "user_cert": "ssh_user_cert",
        "private_key": "ssh_private_key",
    },
    "permissions": [
        {
            "grantee_uuid": "72edb588-da98-43fb-9c59-8ad7bb0d336f",
            "type": "user",
            "permissions": 64,
            "name": "[email protected]"
        }
    ]
}

Did this page help you?