Credentials Management
Credentials Management lets organization administrators securely store and manage the cloud provider credentials that Atmosly uses to provision and operate infrastructure. Credentials are created once and then reused wherever a cloud connection is needed.
Open it from Settings → Credentials Management in the left navigation menu.
Credentials Management is available only to organization Admins.
Supported Providers
| Provider | Authentication Methods |
|---|---|
| AWS | Assume Role or Access Keys |
| GCP | Service Account JSON key |
Adding a Credential
- Open Settings → Credentials Management and click Add Credentials.
- Enter a Credential Name — lowercase letters, numbers, hyphens, and underscores; it must start and end with a letter or number (3–50 characters).
- Choose a Cloud Provider (AWS or GCP).
- Complete the provider-specific fields described below.
- Click Create Credential.
AWS — Assume Role
This is the recommended method. Atmosly assumes an IAM role in your account using a fixed External ID.
| Field | Description |
|---|---|
| Role ARN | The ARN of the IAM role Atmosly should assume (for example, arn:aws:iam::123456789012:role/AtmoslyRole). |
| External ID | A pre-filled, read-only value. Copy it with the copy button and add it to your IAM role's trust policy. |
Click setup guide next to the External ID field to open step-by-step instructions, including an example trust policy, for configuring the role in the AWS IAM console.
The External ID protects against the "confused deputy" problem by ensuring only Atmosly can assume your role. Be sure to include it in the role's trust relationship.
AWS — Access Keys
| Field | Description |
|---|---|
| Access Key ID | Your AWS access key ID (begins with AKIA or ASIA). |
| Secret Access Key | The matching secret key (40 characters). Use the eye icon to show or hide the value. |
GCP — Service Account Key
| Field | Description |
|---|---|
| Service Account JSON | Upload the JSON key file for your GCP service account (drag-and-drop or click to browse). The file is validated as you upload it. |
Viewing a Credential
Selecting a credential opens a read-only details view organized into sections:
- Basic details — name, provider, authentication method, and status.
- Configuration — the non-secret configuration values for the credential (secret values are masked).
- History — created and last-updated times and users, plus when the credential was last validated.
- Usage — how many times the credential has been used.
Editing a Credential
Open a credential and choose Edit to update it. Note that the Cloud Provider and Authentication Method are fixed once a credential is created and cannot be changed — create a new credential if you need a different provider or method.
For security, existing secret values (such as the AWS secret key) are masked. Re-enter a value only if you want to change it.
Permissions
Credentials Management requires the organization Admin role. Creating and editing credentials additionally relies on cluster-management permissions. Contact your organization admin if you need access.