General
The following resources are required for a fully functional Credo AI installation.
- DNS record for Credo AI application endpoint
- TLS private key & certificate for application endpoint
- SMTP server (StartTLS supported)
- Postgres database
- AWS S3
- OIDC identity provider with an OAuth2 authorization server
Postgres database and AWS S3
The Credo AI application does not use volume storage; state is maintained in object storage and a relational database. It is recommended to apply the related “Best Practices” for securing application data in these locations.
The Credo AI application uses the public database schema for governance asset management. The configured database user must have write access to this schema.
See the Postgres Database Setup Appendix for database setup instructions.
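The following is an added example, not taken from the Credo AI documentation or its appendix, showing one way to verify and grant the schema access described above while keeping other roles out. It assumes a database named credoai and an application role named credoai_app (both hypothetical), and it takes "write access" to mean USAGE and CREATE on the public schema so that the application can create and manage its own tables.

```sql
-- Added example. Assumed names (not from the Credo AI docs):
--   database "credoai", application role "credoai_app".
-- Run as a superuser or the database owner, connected to the application database.

-- 1. Check what the application role can currently do in the public schema.
SELECT has_schema_privilege('credoai_app', 'public', 'USAGE')  AS can_use,
       has_schema_privilege('credoai_app', 'public', 'CREATE') AS can_create;

-- 2. PostgreSQL 15 and later no longer grant CREATE on public to every role,
--    so the application role needs an explicit grant.
GRANT USAGE, CREATE ON SCHEMA public TO credoai_app;

-- 3. On older servers, or databases upgraded from them, every role may still
--    hold CREATE on public through the PUBLIC pseudo-role. Remove that default
--    so only explicitly granted roles can create objects in the schema.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 4. Limit who can connect to the application database at all.
REVOKE ALL ON DATABASE credoai FROM PUBLIC;
GRANT CONNECT ON DATABASE credoai TO credoai_app;

-- 5. Audit: list non-superuser roles that can still create objects in public.
--    After the steps above this should return only credoai_app and the
--    schema owner.
SELECT r.rolname
FROM pg_roles AS r
WHERE NOT r.rolsuper
  AND has_schema_privilege(r.rolname, 'public', 'CREATE')
ORDER BY r.rolname;
```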
Single Sign-On (SSO)
The Credo AI application requires both an OIDC identity provider to authenticate users and an OAuth2 authorization server to authorize users.
Local user authentication is not an option for a self-hosted instance.
The OAuth2 specification has a helpful document on the difference between ID and access tokens and how they relate to application security.
See SSO with Okta OIDC for guidance on setting up SSO with Okta.