The credentials added to Sandfly are encrypted with a public key and only the scanning nodes can decrypt them.
Once credentials are added through the User Interface, they cannot be read again by the user or server. If the entire server database were to be compromised, it would only contain encrypted data for credentials which are not usable by an attacker to gain access to remote systems.
NOTE: Credentials Are Not Readable Again Once Added Sandfly always encrypts all SSH credentials with very strong public/private keys. SSH credentials are not readable again by the user or server once added to the system. Credentials must be deleted entirely, and replaced, if you wish to update them at the server.
IDEA: Sandfly Credential Security Separation Sandfly is architected to take special care with login credentials. Encrypted credentials are only stored on the server and not the scanning nodes. But, only scanning nodes can decrypt credentials that the server sends. The above provides a separation of duties so that a powered down node does not contain valid SSH keys. At the same time, the server does not store anything that is unencrypted as the keys can only be read by nodes. A server database compromise does not expose your keys to use by an attacker.