​Hi - we'd like to automate the credential management, so that our developers / process admins can manage their (and only their) credentials themselves and are not dependent on our operations team. Since BPv5 doesn't provide a feature to restrict access on individual Credentials (and I believe BPv6 neither) we're thinking of implementing 2 processes:
1) a process which would allow our developers / process admins to add credential management (add/modify/delete) requests into a BP work queue.
2) another process which would run under a special account (and with permission to manage credentials) which would pick up these credential management requests from the queue, perform certain validation / authorization checks and then add/delete/modify the credential accordingly. 

We can achieve most of that using the functionality of the Internal "Credentials" object.
The one piece which is missing is the ability to defined the access rights (which Process / Ressource is allowed to access the (new) credential).

Any thoughts?

------------------------------
Cheers Astrid
------------------------------