Tines

Managing <a href="https://www.tines.com/docs/credentials/" rel="nofollow noopener noreferrer" target="_blank">credentials</a> securely in Tines helps protect your integrations, reduce risk, and keep your tenant organized. These best practices ensure that credentials are created, used, and maintained consistently and securely.

<a href="https://www.tines.com/docs/credentials/credential-configuration/domain-restriction/" rel="nofollow noopener noreferrer" target="_blank">Restrict direct access</a> for all credentials (tenant-level setting). Restricting direct access reduces the risk of credential exposure and misuse. This ensures credentials are only used within controlled stories, rather than being manually retrieved or shared.

Create an approval process for credential creation

Establish a process to get approval for credential creation. Include a collection of relevant information through a <a href="https://www.tines.com/docs/pages/" rel="nofollow noopener noreferrer" target="_blank">page</a> for a user with credential management permissions to create in the tenant. This adds a layer of oversight to ensure new credentials meet all requirements and aren’t created unnecessarily or insecurely.

Establish standards for credential creation

Enforce a standardization for the creation of credentials with the following recommendations:

The credential name is filled in and includes the integration tool's name. For example: Tines Security Automation Team API Key

The credential description field is filled in with a relevant explanation. For example: This Tines credential has read-only access to the Security Automation team

The credential <a href="https://www.tines.com/docs/credentials/credential-configuration/product/" rel="nofollow noopener noreferrer" target="_blank">product</a> field is filled in with the product you are integrating with Tines.

The credential is not a duplicate of an existing credential.

The credential is scoped to a service user or similar non-user account.

The credential <a href="https://www.tines.com/docs/credentials/credential-configuration/domain-restriction/" rel="nofollow noopener noreferrer" target="_blank">URLs and domains</a> field for restricting domain access must not be overly permissive.

If you are using <a href="https://www.tines.com/docs/stories/change-control/" rel="nofollow noopener noreferrer" target="_blank">change control</a>, make sure the <a href="https://www.tines.com/docs/credentials/credential-configuration/test-details-tab/" rel="nofollow noopener noreferrer" target="_blank">test credential</a> fields are complete and include info for a non-production version of the relevant tool.

If you use the <a href="https://www.tines.com/docs/admin/action-egress-control/" rel="nofollow noopener noreferrer" target="_blank">egress allowlist</a> feature, add the relevant information to the egress allowlist to enable connecting to the tool.

- The credential name is filled in and includes the integration tool's name. For example: Tines Security Automation Team API Key
- The credential description field is filled in with a relevant explanation. For example: This Tines credential has read-only access to the Security Automation team
- The credential <a href="https://www.tines.com/docs/credentials/credential-configuration/product/" rel="nofollow noopener noreferrer" target="_blank">product</a> field is filled in with the product you are integrating with Tines.
- The credential is not a duplicate of an existing credential.
- The credential is scoped to a service user or similar non-user account.
- The credential <a href="https://www.tines.com/docs/credentials/credential-configuration/domain-restriction/" rel="nofollow noopener noreferrer" target="_blank">URLs and domains</a> field for restricting domain access must not be overly permissive.
- If you are using <a href="https://www.tines.com/docs/stories/change-control/" rel="nofollow noopener noreferrer" target="_blank">change control</a>, make sure the <a href="https://www.tines.com/docs/credentials/credential-configuration/test-details-tab/" rel="nofollow noopener noreferrer" target="_blank">test credential</a> fields are complete and include info for a non-production version of the relevant tool.
- If you use the <a href="https://www.tines.com/docs/admin/action-egress-control/" rel="nofollow noopener noreferrer" target="_blank">egress allowlist</a> feature, add the relevant information to the egress allowlist to enable connecting to the tool.

Complete regular audits of the credentials to ensure best practices are met. Build a Tines <a href="https://www.tines.com/docs/stories/" rel="nofollow noopener noreferrer" target="_blank">story</a> to regularly audit credentials for best practices on a daily or weekly cadence. Ongoing validation helps maintain hygiene and ensures standards are continuously met, even as new credentials are added or updated.

<a href="https://www.tines.com/blog/optimizing-tines-building-efficiently/" rel="nofollow noopener noreferrer" target="_blank">Optimizing Tines Stories - Tips and Tricks for Building Efficiently</a>

<a href="https://www.tines.com/blog/how-to-optimize-tines-stories-managing-stories/" rel="nofollow noopener noreferrer" target="_blank">How to Optimize Tines Stories - Tips and Tricks for Managing Stories Efficiently</a>

<a href="https://www.tines.com/tines-security-best-practices/" rel="nofollow noopener noreferrer" target="_blank">Tines security best practices</a>

- <a href="https://www.tines.com/blog/optimizing-tines-building-efficiently/" rel="nofollow noopener noreferrer" target="_blank">Optimizing Tines Stories - Tips and Tricks for Building Efficiently</a>
- <a href="https://www.tines.com/blog/how-to-optimize-tines-stories-managing-stories/" rel="nofollow noopener noreferrer" target="_blank">How to Optimize Tines Stories - Tips and Tricks for Managing Stories Efficiently</a>
- <a href="https://www.tines.com/tines-security-best-practices/" rel="nofollow noopener noreferrer" target="_blank">Tines security best practices</a>

Identify common best practices for managing automation credentials in Tines.

Best practices for credential management

University

Story Library

What's New

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Best practices for credential management

Overview

Best practices

Restrict direct access

Create an approval process for credential creation

Establish standards for credential creation

Audit credentials

Additional resources