Credentials
Credentials store connection information in a secure and centralized way. Instead of placing passwords and tokens directly in nodes, you create a credential and reference it in flows.
Managing Credentials
- In the side menu, click Credentials
- The list displays all registered credentials
Image: Credentials screen with a list showing name, type, and creation date
Creating a Credential
- Click + New Credential
- Select the credential type
- Fill in the type-specific fields
- (Optional) Click Test Connection to verify
- Click Save
Credential Types
HTTP / API
For connections with REST APIs.
| Field | Description |
|---|---|
| Name | Credential name |
| Base URL | API base URL (e.g., https://api.exemplo.com) |
| Auth Type | None, Bearer Token, Basic Auth |
| Token | Bearer token (when Bearer) |
| Username | Username (when Basic) |
| Password | Password (when Basic) |
| Headers | Custom headers (key-value pairs) |
Usage in the HTTP Request node: Select the credential and provide only the path:
Credential: "API Exemplo"
URL: /api/users (the base URL is added automatically)
Pipeline Override — Enterprise
In QANode Enterprise CI/CD integration, specific credential fields can be overridden only for the current execution.
Example:
npx @qanode/cli run scenario \
--scenario-id SCENARIO_ID \
--credential api-main.token=$API_TOKEN \
--wait
This pattern is useful for:
- ephemeral pipeline tokens
- temporary staging secrets
- transient environment endpoints
The saved credential value remains unchanged after the execution ends.
For details, see Per-execution Overrides.
PostgreSQL
| Field | Description |
|---|---|
| Name | Credential name |
| Host | Server address |
| Port | Port (default: 5432) |
| Database | Database name |
| Username | Connection username |
| Password | Connection password |
| SSL | Use SSL connection |
MySQL
| Field | Description |
|---|---|
| Name | Credential name |
| Host | Server address |
| Port | Port (default: 3306) |
| Database | Database name |
| Username | Connection username |
| Password | Connection password |
| SSL | Use SSL connection |
MariaDB
Same fields as MySQL.
Oracle
| Field | Description |
|---|---|
| Name | Credential name |
| Host | Server address |
| Port | Port (default: 1521) |
| Service Name | Oracle service name |
| Username | Connection username |
| Password | Connection password |
MongoDB
| Field | Description |
|---|---|
| Name | Credential name |
| URI | MongoDB connection string |
| Database | Database name (when not included in the URI) |
Example URIs:
mongodb://usuario:senha@host:27017/banco?authSource=admin
mongodb+srv://usuario:senha@cluster.mongodb.net/banco
SSH
| Field | Description |
|---|---|
| Name | Credential name |
| Host | Server address |
| Port | SSH port (default: 22) |
| Username | Username |
| Password | Password (password authentication) |
| Private Key | Private key content (key-based authentication) |
| Passphrase | Key passphrase (if key is protected) |
Credential for connecting to mailboxes via IMAP. Used by the Email Inbox node.
| Field | Description |
|---|---|
| Name | Credential name |
| Provider | Gmail, Outlook, or Custom IMAP |
| Auth Mode | Password / App Password or OAuth2 |
| Account email address | |
| IMAP Host | IMAP server (auto-filled for Gmail and Outlook) |
| IMAP Port | IMAP port (default: 993) |
| Secure | Use TLS/SSL (default: true) |
Password Mode:
| Field | Description |
|---|---|
| Password / App Password | Account password or App Password generated by the provider |
For Gmail with password mode, you must use an App Password — not your regular account password. Generate App Password
OAuth2 Mode:
| Field | Description |
|---|---|
| Client ID | OAuth client ID registered with the provider |
| Client Secret | OAuth client secret |
| Tenant ID | Outlook only — Azure tenant ID (default: common) |
| Scopes | OAuth scopes (optional; defaults filled automatically) |
| OAuth Callback URI | URI to register in the provider's console (read-only) |
After filling in Client ID and Secret, click Connect OAuth (Browser) to authorize. A window will open for provider login and, once completed, Access Token and Refresh Token are filled automatically.
Gmail: register the OAuth Callback URI shown in the field as an "Authorized redirect URI" in the Google Cloud Console → Credentials → OAuth 2.0.
Outlook: register the URI as a "Redirect URI" in the Azure Portal → App registrations → Authentication.
Testing the Connection
Before using a credential, test the connection:
- On the credential edit screen, click Test Connection
- QANode will attempt to connect using the provided information
- The result will be displayed: success or error with a detailed message
Image: Credential with a test connection button and success message
Using Credentials in Flows
In Database Nodes
In the PostgreSQL, MySQL, MariaDB, Oracle, or MongoDB node:
- In the Credential field, select the credential
- The connection fields are filled in automatically
- Configure only the query/operation
In HTTP Request Nodes
- In the Credential field, select the HTTP credential
- The base URL and authentication are applied automatically
- In the URL field, provide only the path
In SSH Nodes
- In the Credential field, select the SSH credential
- The connection details are applied automatically
- Configure only the commands
Security
- Passwords and tokens are encrypted in the database
- Sensitive values are masked in the interface
- Credentials are accessible only to users with the appropriate permission
- The credential owner can edit it; others require admin permission
Tips
- Create credentials per environment — Production, Staging, Dev
- Always test the connection before using it in a flow
- Use descriptive names: "PostgreSQL Production" is better than "pg1"
- Prefer credentials over placing passwords directly in nodes
- When duplicating environments, create new credentials for each one