Secure Credentials Storage for SuiteCloud SDK

Starting in 2025.1, SuiteCloud SDK uses Public-Key Cryptography Standards #12 (PKCS#12) to generate a password-protected credentials file.

When you authenticate for the first time using SuiteCloud SDK tools, the PKCS#12 credentials file is created and stored on your local machine in the .suitecloud-sdk folder in your home directory. This file contains encrypted authentication data, so you don't have to authenticate again in future sessions. The credentials file name depends on the authentication option you used: credentials_browser_based.p12 for browser-based authentication or credentials_ci.p12 for machine-to-machine authentication.

Important:

Browser-based authentication and Machine-to-machine authentication use different credential files to store authentication data. You can set up your environment to use only one authentication option at a time.

SuiteCloud SDK checks for specific environment variables and the availability of secure storage to determine if you've got the right setup for the authentication option that you're trying to run. For more information, see Execution Context for Secure Credentials Storage.

To keep your credentials file safe, SuiteCloud SDK encrypts it with a password or passkey:

For browser-based authentication, SuiteCloud SDK auto-generates the passkey and updates it regularly. This passkey is stored in your machine's secure storage service (like Credential Manager for Windows, Keyring for Linux, or Keychain for macOS).
For machine-to-machine authentication or browser-based authentication in fallback mode, you must manually define the passkey using an environment variable and update it regularly.

If you delete the credentials file, any authentication IDs you set up before will be lost. A new credentials file will be created when you set up your account again.

Read the following topics for more information:

Watch the following help video for information about Secure Credentials Storage for SuiteCloud SDK:

Related Topics