Outbound Access Credentials

Access Credentials are used to connect to VGS to send data to third parties via Outbound Routes

Generating new Access Credentials

Access Credentials are automatically created for the user when a vault is created. To help ensure security, credentials are never stored in plaintext within VGS systems. When Access Credentials are generated you will be prompted to download them. If you lose these credentials, you can generate a new pair via the settings page for your vault.

Access Credentials can be generated and read only by organization admins.

Please note that the credential’s secret can be downloaded only at the time of generation.

Rotating credentials

Rotating credentials is a security best practice as it shortens the period access credentials can be used. This also reduces any possible business impact if they are compromised.

Remember to always check whether the new credentials are active and working before you delete your current credentials. You cannot retrieve your credentials once they are deleted.

How to rotate your credentials:

1. Go to your vault on the VGS Dashboard, select Vault Settings, and find the Access Credentials section. Each vault has at least one set of access credentials by default. In order to perform rotation you’d need at least two. To add a new set of credentials click on “Generate Credentials”. This will show newly generated username/password pair. Store these credentials securely on within your environment .

2. You should now have 2 active credentials for your vault. You need to make sure to distribute new username/password pair to all applications which use VGS.

3. At this point you need to change the status of old credentials to “Inactive”. This will disable credentials in a way that they couldn’t be used for outbound traffic anymore .

4. Make sure to validate all applications are working. In case everything is working as expected feel free to go to step 5. If anything has broken by mistake, for example you forgot to update one of applications using VGS vault, you can quickly make them “Active” again and go back to step 2.

5. After you’ve verified everything is working it’s safe to delete old credentials. Deleted credentials cannot be restored. That’s why VGS asks for additional confirmation before they’re deleted .