About Credential propagation

  • 2 minute(s) read
Prev Next

Overview

The Executions module enables secure, automated propagation of credentials, such as passwords, service accounts, SSH keys, and secrets across a wide range of enterprise assets and applications

Info

For certificates, check the Certificate publishing section.

Credential propagation refers to the process of updating or injecting credentials into target systems, applications, or configuration files, ensuring that new or rotated credentials are distributed wherever required for seamless operation.

Supported propagation targets

SSH keys

  • Secure deployment and update of SSH public keys to authorized systems (propagation).
  • Integration with policy-based workflows for controlled distribution.

COM+ and DCOM applications

  • Credentials for COM+ and DCOM services can be securely propagated using agentless execution templates and plugins.
  • All actions are orchestrated via automated workflows, with detailed logging.

IIS Anonymous, application pool & network credentials

  • Automated injection and update of IIS anonymous, app pool, and network credentials.
  • Templates ensure updates are performed seamlessly, minimizing downtime.

SCOM Run As Credentials

  • Propagation of SCOM Run As credentials using secure templates, without the need for local agents.

Flat files (scripts, config files, text, binary)

  • Agentless updates of credentials embedded in flat files (scripts, config files, binaries).
  • Execution templates support a variety of file formats and custom logic.

Windows auto login configurations

  • Secure, automated update of credentials used in Windows auto login scenarios.
  • All propagation actions are logged and auditable.

Databases

  • Credential propagation for major databases (Oracle, SQL Server, PostgreSQL, MySQL, MongoDB, and others).
  • Templates support secure credential updates to connection strings, configuration files, or secrets stores.

RPA Bbots, LLMs and automation scripts

  • Dynamic and just-in-time delivery: credentials are provided on demand, with limited validity and controlled scope, reducing the risk of exposure and guaranteeing the principle of least privilege.
  • Automated rotation and revocation: credentials used by bots, LLMs and scripts can be automatically rotated or revoked at the end of execution, mitigating risks of misuse or undue persistence.
  • Support for multiple frameworks and integrations: compatible with modern orchestrators (Kubernetes, Jenkins, GitLab Runner, AWS Lambda, Azure Pipelines), as well as on-premises servers, cloud and edge computing.

Other supported assets

  • Windows Scheduled Tasks & Services.
  • AD Managed Service Accounts (gMSA/MSA).
  • Chatbots & Virtual Assistants (Slack, Microsoft Teams, Google Gemini, ServiceNow).
  • DevOps & Orchestration Agents (Jenkins, GitLab, AWS Lambda, Azure Pipelines, and Kubernetes).
  • Enterprise Software (SAP ECC, SAP S/4HANA, Oracle PeopleSoft, Salesforce and Dynamics 365).
  • Remote desktop gateway configurations.
  • RPA Bots (UiPath, Blue Prism, Automation Anywhere).
  • Security Automation Agents (SOAR, SIEM, EDR).
  • Web applications, middleware, OT/IoT devices, SaaS and cloud platforms.

Key features

  • Agentless by default: propagation tasks are performed without installing agents on target assets, reducing operational complexity and security risk.
  • Execution templates: flexible, customizable templates define how credentials are propagated to each target system or application.
  • Automated orchestration: propagation can be triggered manually, scheduled, or integrated with ITSM and workflow automation.
  • Audit and compliance: every propagation event is fully logged, including source, target, credential type, and timestamp, supporting compliance requirements.
  • Policy enforcement: propagation actions are subject to approval workflows and policy controls for security and segregation of duties.