SentinelFlow: Secure Credential Handling for DDF
The security layer behind FoliosFlow and ServiceFlow
SentinelFlow helps keep credentials out of scripts, configuration files and ad hoc automation.
It retrieves secrets from supported vaults or local credential stores, supports local execution, and provides a more consistent security model across Dynamic Data Flows products.
- ✓ Supports CyberArk, 1Password and Windows Credential Manager
- ✓ Local execution only — no hosted SaaS control layer
- ✓ Keeps secrets out of Flow configs and scripts
- ✓ Provides a consistent pattern for secure authentication
Why Credential Handling Matters
Automation often needs privileged access to systems such as Planview and ServiceNow. Without a clear security model, that creates avoidable operational and audit risk.
❌ Hard-coded credentials
Passwords or tokens stored in scripts and config files are difficult to govern and easy to mishandle.
❌ Inconsistent security patterns
Different scripts and tools often handle secrets in different ways, making review and support harder.
❌ Weak traceability
When access patterns are unclear, audits and investigations become slower and less reliable.
❌ Operational sprawl
Security teams need a repeatable pattern rather than one-off exceptions for every automation workflow.
SentinelFlow helps reduce these risks by providing a more controlled and consistent credential-handling approach.
How SentinelFlow Works
SentinelFlow supports a simple pattern: retrieve credentials from a supported store, authenticate locally, execute the workflow, and keep a clear record of what happened.
🔐 Retrieve from a supported store
Secrets are retrieved from CyberArk, 1Password or Windows Credential Manager rather than stored in configs.
🏠 Authenticate locally
Authentication happens from within your environment, without routing through a hosted control layer.
✅ Execute with traceability
The surrounding workflow can then run with a clearer and more supportable security pattern.
🧾 Keep a clear record
Execution logs help teams understand what ran, where it ran, and whether it succeeded.
Works with Supported Credential Stores
SentinelFlow is designed to work with the credential systems many teams already use, rather than requiring a new proprietary vault.
CyberArk
Suitable for organisations already using CyberArk for controlled enterprise credential access.
1Password
Useful for teams standardised on 1Password who want a practical path to managed secret retrieval.
Windows Credential Manager
A simple local option for controlled environments where a lightweight pattern is appropriate.
Where SentinelFlow Fits
SentinelFlow is primarily used as the security layer behind DDF products such as FoliosFlow and ServiceFlow.
Used across DDF products
- Supports FoliosFlow for Planview automation
- Supports ServiceFlow for ServiceNow automation
- Helps keep the DDF security model more consistent across products
Can also be discussed separately
In some environments, SentinelFlow may also be relevant as a standalone credential-handling component where secure authentication is the primary concern.
Talk to Us About Security Architecture
We can explain how SentinelFlow fits into FoliosFlow, ServiceFlow and the wider DDF platform, or discuss whether it makes sense as a standalone component in your environment.