A credential is a piece of information used to verify identity and authorize access to a system or resource. The classic example is a username and password, but credentials also include API keys, SSH keys, certificates, and tokens. Systems use credentials to control what a user or process is allowed to see or do.
In modern infrastructure, credentials are typically managed by a secrets manager rather than stored in plain text. Best practice is that credentials are never committed to version control, logged, or shared outside of a secure vault.
In This Home
All secrets for the home lab are stored in 1Password (see 1Password). The provisioning scripts fetch credentials from 1Password at runtime using the op CLI — credentials never appear in the repository or in plain-text config files on disk.