How Credential Management Store works

This methodology utilizes a secure storage area where credentials are kept for all or most of the applications. The user authenticates to the credential store and a client-side agent then supplies the credentials to the individual applications or platforms.

This solution requires a client-side agent or service that manages credentials on behalf of the user. When access is required to a specific system, the front-end agent or service passes the appropriate credential through to gain the required access.

The client-side agent may also manage password changes so that they are consistent (CSO) across systems, according to a chosen policy.


Though a credential management store is a valid methodology, the following are considered drawbacks:
  • The client-side agent requires client-side management, which could be difficult within large environments.
  • Although a credential management store does maintain different passwords among the different applications and platforms, the solution still has the "Keys to the Kingdom" threat if a user's password to the credential management store is discovered.
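
The flow described on this page, as an added Python sketch (not code from the original page): a store sealed under one master password, and a client-side agent that supplies per-application credentials and handles password changes. All function and class names are hypothetical, the sample credentials are constructed, and the HMAC-based cipher is a standard-library stand-in for a real authenticated cipher.

```python
import hashlib, hmac, json, secrets

def derive(master_password, salt):
    # Slow KDF so a stolen store cannot be guessed cheaply offline.
    k = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, 600_000, dklen=64)
    return salt, k[:32], k[32:]          # salt, encryption key, MAC key

def _xor_stream(enc_key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode); a real store would use an AEAD.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(keys, credentials):
    """Encrypt and authenticate {application: password} under the derived keys."""
    salt, enc_key, mac_key = keys
    nonce = secrets.token_bytes(16)      # fresh per seal, so the keystream never repeats
    ct = _xor_stream(enc_key, nonce, json.dumps(credentials).encode())
    return salt + nonce + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest() + ct

def unlock(master_password, blob):
    """Return (keys, all credentials); raise PermissionError on a wrong password."""
    keys = derive(master_password, blob[:16])
    nonce, tag, ct = blob[16:32], blob[32:64], blob[64:]
    expected = hmac.new(keys[2], nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("master password rejected")
    return keys, json.loads(_xor_stream(keys[1], nonce, ct))

class Agent:
    """Client-side agent: one authentication, then per-application credentials."""
    def __init__(self, blob):
        self.blob, self.keys, self.creds = blob, None, None

    def authenticate(self, master_password):
        # One successful unlock releases every application's credential at once.
        self.keys, self.creds = unlock(master_password, self.blob)

    def credential_for(self, application):
        return self.creds[application]

    def rotate(self, application):
        # Password change handled by the agent; the store is re-sealed afterwards.
        self.creds[application] = secrets.token_urlsafe(24)
        self.blob = seal(self.keys, self.creds)
        return self.creds[application]
```

Because `unlock` returns the whole credential set, the strength of the master password and of the key derivation bounds the security of every application behind the store.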

