End users sign in with Clerk. We map Clerk users to rows in our database and scope all pipeline data by userId.
Source and destination credentials for running ingestion usually live in your execution environment (CI, runner, local .env), not in eltPulse UI — unless you use an optional integration that stores tokens server-side (e.g. BYO GitHub).
The Connections page stores named profiles per user: connector type, non-secret config, and optionally encrypted secrets for use by trusted runtimes. Pipelines link saved profiles by id; generated artifacts may include resolved names for runners. Monitors can require a matching connection so S3/SQS checks know which credential profile to use.
A gateway using a valid Bearer token may call GET /api/agent/connections and receive decrypted secret key/value pairs for that user's connections — only deploy gateways you trust with that data. See Concepts and Gateway.
Stripe identifiers and plan tier are stored for subscription management. See Billing under Account & Settings.