Where credentials live
Credentials you add to Luumen are stored in Luumen’s cloud infrastructure. They are not stored on your local machine — this is what makes them available across your devices and shareable with teammates on workspace-scoped credentials.How credentials are protected
A few of the safeguards in place:- Encrypted at rest. Credentials are encrypted before they’re written to storage. They are never stored in plaintext.
- Encrypted in transit. All communication between your Luumen client and our servers uses TLS, and credential data is encrypted end-to-end.
- Used only when you act. Credentials are decrypted only when you initiate a connection or scan, and they remain in memory only as long as needed to complete the action.
- Audited access. Internal access to systems handling credential data is restricted and logged.
- Independently verified. Luumen is SOC 2 Type 2 attested, ISO 27001 certified, and CSA STAR certified. These third-party audits cover how we handle sensitive data — including credentials. See luumen.ai/security for more.
How credentials are used
A few things to know about how credentials are used:- LuumenAI does not bypass your authentication. When LuumenAI runs a command on a host, it does so over the same connection you established with your credentials — using your permissions, not its own. Every command requires your explicit approval.
- You can delete credentials at any time. Deleted credentials are removed from your workspace immediately and are not retained beyond what’s required by our backup and retention policies.
- Credentials are scoped where you put them. Personal credentials are visible only to you. Workspace credentials are visible only to members of that workspace.
Questions
- For technical details on our security architecture, see luumen.ai/security.
- For details on how we handle and retain customer data, see luumen.ai/privacy.
- If you’re a security researcher or have a specific concern, contact us at security@luumen.ai.
Related pages
Managing credentials
Add, test, edit, and delete the credentials used to connect to your hosts.
Set up SSH keys
Generate an SSH key, add it to your hosts, and import it into Luumen.