--- layout: docs page_title: Configure targets with credential brokering description: >- Configure credential brokering workflows so that Boundary centrally manages credentials and returns them to users when they successfully connect to a target. --- ⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️ > [!IMPORTANT] > **Documentation Update:** Product documentation previously located in `/website` has moved to the [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs) repository, where all product documentation is now centralized. Please make contributions directly to `web-unified-docs`, since changes to `/website` in this repository will not appear on developer.hashicorp.com. ⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️ # Configure targets with credential brokering The following section provides steps to configure your targets with credential brokering. When you use credential brokering, Boundary returns credentials to the user when they successfully connect to a target. ## Requirements - You must have an existing target available. To use brokered credentials to connect to a target that runs SSH, you must use a TCP target type. - You must have configured either a static credential store or a Vault credential store: - To configure a static credential store, refer to [Create static credential stores](/boundary/docs/credentials/static-cred-boundary). - To configure a Vault credential store and credential library, refer to [Create Vault credential stores](/boundary/docs/credentials/static-cred-vault). - You must have a static credential saved in your static credential store or Vault credential store. The credential must correspond to the target you want to authenticate to. ## Configuration Complete the following steps to configure credential brokering for a target: 1. Log in to Boundary. 1. Select **Orgs** on the navigation pane. 1. Select your desired org. 1. Select the project where your target resides. 1. Click **Targets** on the navigation pane. 1. Click on the target you want to configure for credential brokering. 1. Click on the **Brokered Credential** tab. 1. Click **Managed** and select **Add Brokered Credential** in the pull down menu. 1. Do one of the following: - **If you are using a static credential store**: Select the credential that corresponds to your target and click **Add Brokered Credentials**. - **If you are using a Vault credential store**: Select the credential library that corresponds to your target and click **Add Brokered Credentials**. 1. Log into Boundary. ```shell-session $ boundary authenticate Please enter the login name (it will be hidden): Please enter the password (it will be hidden): ``` 1. Add brokered credentials to target. ```shell-session $ boundary targets add-credential-sources \ -id ttcp_vO60a7TwpI \ -application-credential-source csvlt_Xqa6V6QwfM ``` If you are using a static credential store, `brokered-credential-source` refers to the ID of a **credential** in the static credential store. If you are using a Vault credential store, `brokered-credential-source` refers to the ID of a **credential library** in the Vault credential store. ## More information Refer to the following topics for more information: - [Create static credential stores](/boundary/docs/credentials/static-cred-boundary) - [Create Vault credential stores](/boundary/docs/credentials/static-cred-vault) - [Target types](/boundary/docs/domain-model/targets#target-types)