boundary/website/content/docs/configuration/credential-management/configure-credential-injection.mdx

---
layout: docs
page_title: Configure targets with credential injection
description: |-
  Configure credential injection so Boundary provides users with a passwordless experience when connecting to targets. Availabile exclusively for Enterprise users.
---

# Configure targets with credential injection

<EnterpriseAlert product="boundary">This feature requires <a href="https://www.hashicorp.com/products/boundary">HCP Boundary or Boundary Enterprise</a></EnterpriseAlert>

The following section provides steps to configure your targets with credential injection.
Credential injection provides end users with a passwordless experience when they connect to targets.

## Requirements

- This feature requires either <a href="https://www.hashicorp.com/products/boundary">HCP Boundary or Boundary Enterprise</a>
- You must have an existing target available.
- You must have configured either a static credential store or a Vault credential store:

  - To configure a static credential store, refer to [Create static credential stores](/boundary/docs/configuration/credential-management/static-cred-boundary).
  - To configure a Vault credential store and credential library, refer to [Create Vault credential stores](/boundary/docs/configuration/credential-management/static-cred-vault).

- You must have a static credential saved in your static credential store or Vault credential store. The credential must correspond to the target to which you want to authenticate.

## Configuration

Complete the following steps to configure targets with credential injection:

<Tabs>
<Tab heading="UI" group="ui">

1. Log in to Boundary.
1. Select **Orgs** on the navigation pane.
1. Select your desired org.
1. Select the project where your target resides.
1. Click **Targets** on the navigation pane.
1. Click on your target you want to configure for credential injection.
1. Click on the **Injected Application Credential** tab.
1. Click **Managed** and select **Add Injected Application Credential** in the pull down menu.
1. Do one of the following:
   - **If you are using a static credential store**: Select the credential that corresponds to your target and click **Add Injected Application Credential**.
   - **If you are using a Vault credential store**: Select the credential library that corresponds to your target and click **Add Injected Application Credential**.

</Tab>
<Tab heading="CLI" group="cli">

1. Log into Boundary.

  ```shell-session
  $ boundary authenticate
  Please enter the login name (it will be hidden):
  Please enter the password (it will be hidden):
  ```

1. Add credential injection to target.

  ```shell-session
  $ boundary targets add-credential-sources \
    -id ttcp_vO60a7TwpI \
    -injected-application-credential-source csvlt_Xqa6V6QwfM
  ```

<Tip>

  If you are using a static credential store, `brokered-credential-source` refers to the ID of a **credential** in the static credential store.

  If you are using a Vault credential store, `brokered-credential-source` refers to the ID of a **credential library** in the Vault credential store.

</Tip>

</Tab>
</Tabs>