# Credentials

NetObserv SNMP Trap makes it simple to securely add credentials for the trap listener to use.

The directory of the listener credential files is specified by `EF_INPUT_TRAP_LISTENER_CREDENTIALS_DIRECTORY_PATH` in the trapcoll configuration options. The default location is `/etc/elastiflow/snmp/traps/credentials`. See [credentials.yml](https://github.com/elastiflow/snmp/tree/main/traps/credentials) for a template.

Currently, credentials only work for SNMP v3 Traps. Community strings are not enforced.

#### Trap SNMP v3 Credential File Example

**Example File Structure:**

```yaml
credentials:
  users:
    - username: myuser1
      authentication_protocol: md5
      authentication_passphrase: mypassword1
      privacy_protocol: aes
      privacy_passphrase: myprivacy1
      authoritative_engine_id: authoritative_engine_id
    - username: myuser2
      authentication_protocol: md5
      authentication_passphrase: mypassword2
      privacy_protocol: aes
      privacy_passphrase: myprivacy2
      authoritative_engine_id: authoritative_engine_id
```

### Configuration Attributes

Currently, there are no default values for these fields and all fields are required.

#### username

The username of the listener credential.

EXAMPLE: `myuser1`

#### authentication\_protocol

The authentication protocol used to authenticate the username with the incoming device Trap using SNMPv3.

* Valid Values
  * `noauth`, `md5`, `sha`, `sha224`, `sha256`, `sha384`, `sha512`

#### authentication\_passphrase

The authentication passphrase used to authenticate the username with the device using SNMPv3.

Currently only *device-level* polling intervals are supported. A future enhancement will include support for *object-level* interval override of the device-level value.

#### privacy\_protocol

The privacy protocol used to encrypt SNMPv3 traffic between the SNMP device and the Trap listener.

* Valid Values
  * `nopriv`, `des`, `aes`, `aes192`, `aes256`, `aes192c`, `aes256c`

#### privacy\_passphrase

The privacy passphrase used to encrypt SNMPv3 traffic between the SNMP input and the device.

#### authoritative\_engine\_id

The authoritative engine ID used to make an SNMP request with SNMPv3.

The authoritative\_engine\_id used in each credential must exactly match the authoritative\_engine\_id set for the Trap listener via the `EF_INPUT_TRAP_LISTENER_AUTHORITATIVE_ENGINE_ID` setting.
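The following pre-deployment check is an added example, not ElastiFlow code: it audits a credentials document (already parsed from YAML into a dict) against the rules above, namely that every field is present, both protocols use a listed valid value, and each `authoritative_engine_id` matches the listener's. The `WEAK` policy set, the sample engine ID and the function name are assumptions of this example; the rule that privacy requires authentication comes from the SNMPv3 security levels, not from a statement on this page about what the listener enforces.

```python
REQUIRED = ("username", "authentication_protocol", "authentication_passphrase",
            "privacy_protocol", "privacy_passphrase", "authoritative_engine_id")
AUTH = {"noauth", "md5", "sha", "sha224", "sha256", "sha384", "sha512"}
PRIV = {"nopriv", "des", "aes", "aes192", "aes256", "aes192c", "aes256c"}
WEAK = {"noauth", "md5", "nopriv", "des"}  # assumption: this example's own policy

def audit_credentials(doc, listener_engine_id):
    """Return (errors, warnings) for a credentials document loaded as a dict."""
    errors, warnings = [], []
    users = ((doc or {}).get("credentials") or {}).get("users") or []
    if not users:
        errors.append("credentials.users is missing or empty")
    for i, user in enumerate(users):
        if not isinstance(user, dict):
            errors.append(f"users[{i}]: entry is not a mapping")
            continue
        tag = f"users[{i}] ({user.get('username', '?')})"
        missing = [k for k in REQUIRED if user.get(k) is None]
        if missing:
            errors.append(f"{tag}: missing {', '.join(missing)}")
        auth = user.get("authentication_protocol")
        priv = user.get("privacy_protocol")
        if auth is not None and auth not in AUTH:
            errors.append(f"{tag}: invalid authentication_protocol {auth!r}")
        if priv is not None and priv not in PRIV:
            errors.append(f"{tag}: invalid privacy_protocol {priv!r}")
        # SNMPv3 defines noAuthNoPriv, authNoPriv and authPriv only.
        if auth == "noauth" and priv in PRIV - {"nopriv"}:
            errors.append(f"{tag}: privacy requires authentication")
        engine = user.get("authoritative_engine_id")
        if engine is not None and engine != listener_engine_id:
            errors.append(f"{tag}: authoritative_engine_id differs from listener")
        warnings += [f"{tag}: weak setting {v!r}" for v in (auth, priv) if v in WEAK]
    return errors, warnings

# Constructed sample input (not real credentials); the engine ID is made up.
LISTENER_ENGINE_ID = "8000000001020304"
SAMPLE = {"credentials": {"users": [
    {"username": "myuser1", "authentication_protocol": "md5",
     "authentication_passphrase": "mypassword1", "privacy_protocol": "aes",
     "privacy_passphrase": "myprivacy1",
     "authoritative_engine_id": "8000000001020304"},
    {"username": "myuser2", "authentication_protocol": "sha1",
     "authentication_passphrase": "mypassword2", "privacy_protocol": "des",
     "authoritative_engine_id": "8000000001020305"},
]}}

if __name__ == "__main__":
    errs, warns = audit_credentials(SAMPLE, LISTENER_ENGINE_ID)
    print("\n".join([f"ERROR {e}" for e in errs] + [f"WARN  {w}" for w in warns]))
```

To run it against a real file, load the YAML with a parser of your choice and pass the resulting dict together with the value of `EF_INPUT_TRAP_LISTENER_AUTHORITATIVE_ENGINE_ID`.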

### Credential File Encryption

Credential files located in the directory specified by `EF_INPUT_TRAP_LISTENER_CREDENTIALS_DIRECTORY_PATH` can be encrypted using industry-standard AGE encryption by setting `EF_INPUT_TRAP_LISTENER_CREDENTIALS_SECURE_STORE_ENABLE` to `true`.

Please visit [Trap Listener Credentials Encryption](/trapcoll/configuration/receiving-traps/credentials/credentials_encryption.md) to learn more.


