Server Access modal lets operators rotate passwords/keys without re-creating the server. API responses never return raw privateKey or password to the browser.
- encryptedCredentials normalized server-side with TESS_CLIENT_ENCRYPTION_KEY
- githubDeployPrivateKey may be auto-generated for password-only SSH hosts
- Redacted fields in list API; full edit only in modal
