Managing SMTP Credentials
SMTP credentials are organization-scoped username/password pairs used to authenticate SMTP connections. Each credential set is independent — you can create multiple credentials for different applications or environments.
Creating Credentials
Generate SMTP credentials from your Arsel dashboard:
- Navigate to Settings > SMTP Credentials
- Click Create Credentials
- Optionally give them a descriptive name (e.g., "Production Server", "Staging")
- Copy the username and password immediately
The password is only shown once at creation time. Store it securely — it cannot be retrieved later. If lost, rotate the credential to generate a new password.
Credential Format
| Field | Format | Example |
|---|---|---|
| Username | smtp_ + 16 random characters | smtp_aB3xK9mP2qR5wY7z |
| Password | sk_ + 32 random characters | sk_4f8Hj2kLmN6pQrStUvWxYz1a3B5cD7e |
Credential Lifecycle
Active Credentials
New credentials are active by default. Active credentials can authenticate SMTP connections and send emails.
Rotating Credentials
If a credential may have been compromised, or as part of regular security hygiene, you can rotate it:
- Navigate to Settings > SMTP Credentials
- Click Rotate on the credential
- Copy the new password immediately
- Update your application's SMTP configuration
- The old password is immediately invalidated
To rotate with zero downtime: create a new credential, update your application to use it, then revoke the old one.
Revoking Credentials
Revoking a credential disables it without deleting it. This is useful for temporarily disabling access:
- Click Revoke on the credential
- Any active SMTP sessions using this credential will fail on the next authentication
- The credential can be re-enabled later by updating its status
Deleting Credentials
Deleting a credential permanently removes it. This cannot be undone:
- Click Delete on the credential
- Confirm the deletion
- The credential is permanently removed
Security Best Practices
- Use separate credentials for each environment (development, staging, production)
- Use separate credentials for each application or service that sends emails
- Rotate credentials regularly as part of your security policy
- Revoke immediately if a credential may have been exposed
- Never commit credentials to source control — use environment variables or secrets management
- Monitor last-used timestamps in the dashboard to identify unused credentials
Tracking Usage
The dashboard shows for each credential:
| Field | Description |
|---|---|
| Name | Optional label you assigned |
| Username | The SMTP username |
| Status | Active or Revoked |
| Last Used | Timestamp of the most recent authentication |
| Created | When the credential was generated |