external_id when creating credentials to tie them back to users in your system.
How credentials fit in
A credential stores the auth details Deck needs to log in on behalf of a user. When you run a task, Deck uses the credential to authenticate a session against the source. You don’t need to manage sessions or track login state. Just store the credential and run tasks against it. Credentials are optional on tasks. There are two cases where you would use credentials:- Working with sources that require authentication. Store your own credentials or your user’s credentials in the credential vault and securely pass them to run a task.
- Linking users in your system to Deck. You can use credentials to link users to your system with an
external_idand pass theauth_methodasnone. This provivdes user linking without credential storage.
Creating a credential
Pass authentication details through the API. Deck encrypts and stores them in the credential vault. The credential is created withunverified status. It becomes verified the first time a task run successfully authenticates with it.
Auth methods
| Method | Description |
|---|---|
username_password | Standard username and password. |
none | No credentials needed (public sources). Use this to link users from your system. |
Credential statuses
| Status | Meaning |
|---|---|
unverified | Stored but not yet used in a successful authentication |
verified | Successfully authenticated at least once |
invalid | The source rejected the credentials |
deleted | Permanently removed from the credential vault, still queryable |
verified when a task run authenticates with it successfully. This happens automatically.
A credential becomes invalid when the source rejects the stored credentials. This can happen when a password is changed on the source or the account is locked. To fix it, update the credential with correct details.
A deleted credential has been permanently removed from the credential vault. The credential object and its associated task runs are still queryable, but no new tasks can use it.
Deep dives
Credential Vault
How Deck encrypts, stores, and deletes user credentials.
Sessions
Compute sessions created when tasks run.