US 12,105,791 B2
Cloud key management for system management
Rouven Krebs, Römerberg (DE); and Jochen Wilhelm, Sandhausen (DE)
Assigned to SAP SE, Walldorf (DE)
Filed by SAP SE, Walldorf (DE)
Filed on Nov. 19, 2021, as Appl. No. 17/455,721.
Prior Publication US 2023/0161864 A1, May 25, 2023
Int. Cl. G06F 21/45 (2013.01); H04L 9/30 (2006.01); H04L 9/32 (2006.01); H04L 9/40 (2022.01)
CPC G06F 21/45 (2013.01) [H04L 9/30 (2013.01); H04L 9/3226 (2013.01); H04L 63/08 (2013.01)] 18 Claims
OG exemplary drawing
 
1. A computer-implemented method for credential management, the method being executed by one or more processors, wherein the method comprises:
receiving, by a credential manager running at a first network segment of network segments of a landscape environment, a request associated with an authentication of a requestor system at the landscape environment, the landscape environment including the network segments managed by different entities, wherein the request is for authentication of the requestor system at a software system running at a second network segment, wherein the second network segment provides cloud platform resources for hosting and running software systems associated with the requestor system; and
in response to receiving the request:
obtaining, by the credential manager running at the first network segment of the network segments of the landscape environment, encrypted credentials from a storage accessible by the credential manager at the first network segment, wherein the encrypted credentials are encrypted with a public key and are provided in encrypted form to the credential manager for providing to a credential usage component; and
triggering, by the credential manager, an operation for execution by the credential usage component running at a third network segment of the landscape environment, wherein the operation is for executing an action at the software system running at the second network segment, the action requiring authentication based on decrypted credentials, wherein the operation is triggered based on domain logic associated with the requestor system as stored by the credential manager, and wherein triggering the operation comprises:
providing, by the credential manager, the encrypted credentials to the credential usage component, wherein the encrypted credentials are decryptable with a private key at the third network segment by the credential usage component, wherein the private key is obtainable by the credential usage component from a third key storage persisted at the credential usage component in the third network segment, and wherein the private key and the public key are an asymmetric key pair.
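The claim describes a three-segment split: the credential manager (first segment) stores credentials only in public-key-encrypted form and forwards them unchanged, the software system being managed sits in the second segment, and only the credential usage component (third segment) holds the private key and therefore ever sees plaintext. The following Go program is an added illustration of that arrangement and is not code from the patent or from SAP; it assumes RSA-OAEP as the asymmetric scheme, a "user:password" credential format, an OAEP label bound to the requestor identifier, and a per-requestor map as the "domain logic" that selects the action to trigger. All identities, passwords and actions are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SoftwareSystem stands in for the managed system in the second segment.
// It runs an action only after a matching credential (constructed data).
type SoftwareSystem struct {
	users    map[string]string // username -> password, constructed
	executed []string          // actions that were authenticated and run
}

func (s *SoftwareSystem) Execute(user, password, action string) error {
	if pw, ok := s.users[user]; !ok || pw != password {
		return errors.New("software system: authentication failed")
	}
	s.executed = append(s.executed, action)
	return nil
}

// CredentialUsageComponent lives in the third segment and is the only party
// holding the private key (the claim's key storage at the usage component).
type CredentialUsageComponent struct {
	priv   *rsa.PrivateKey
	target *SoftwareSystem
}

func NewCredentialUsageComponent(target *SoftwareSystem) (*CredentialUsageComponent, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &CredentialUsageComponent{priv: priv, target: target}, nil
}

// PublicKey is safe to hand to the credential manager and to the requestor.
func (u *CredentialUsageComponent) PublicKey() *rsa.PublicKey { return &u.priv.PublicKey }

// ExecuteOperation decrypts the forwarded blob and uses the plaintext only in
// this segment. The OAEP label binds the blob to the requestor id so a blob
// onboarded for one requestor cannot be replayed for another (an assumption
// of this example, not a detail of the claim).
func (u *CredentialUsageComponent) ExecuteOperation(requestor string, ciphertext []byte, action string) error {
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, u.priv, ciphertext, []byte(requestor))
	if err != nil {
		return fmt.Errorf("usage component: cannot decrypt credentials for %s: %w", requestor, err)
	}
	user, password, ok := bytes.Cut(plain, []byte(":"))
	if !ok {
		return errors.New("usage component: malformed credential")
	}
	return u.target.Execute(string(user), string(password), action)
}

// EncryptForUsageComponent runs on the requestor's side, outside segment 1:
// the credential is sealed to the usage component's public key before the
// credential manager ever receives it.
func EncryptForUsageComponent(pub *rsa.PublicKey, requestor, user, password string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(user+":"+password), []byte(requestor))
}

// CredentialManager lives in the first segment. It stores ciphertext plus the
// per-requestor domain logic and never holds a private key, so compromising
// this segment yields no usable credential.
type CredentialManager struct {
	store       map[string][]byte // requestor -> encrypted credentials
	domainLogic map[string]string // requestor -> action to trigger (assumed shape)
	usage       *CredentialUsageComponent
}

func (cm *CredentialManager) HandleAuthRequest(requestor string) error {
	ct, ok := cm.store[requestor]
	if !ok {
		return fmt.Errorf("credential manager: no credentials stored for %s", requestor)
	}
	action, ok := cm.domainLogic[requestor]
	if !ok {
		return fmt.Errorf("credential manager: no domain logic for %s", requestor)
	}
	return cm.usage.ExecuteOperation(requestor, ct, action) // forwarded unchanged
}

// RunScenario wires the three segments together and returns the actions the
// software system ran, whether a component with a different private key was
// refused, and any unexpected error.
func RunScenario() ([]string, bool, error) {
	target := &SoftwareSystem{users: map[string]string{"sysadmin": "s3cr3t-pw"}}
	usage, err := NewCredentialUsageComponent(target)
	if err != nil {
		return nil, false, err
	}
	ct, err := EncryptForUsageComponent(usage.PublicKey(), "tenant-A", "sysadmin", "s3cr3t-pw")
	if err != nil {
		return nil, false, err
	}
	cm := &CredentialManager{
		store:       map[string][]byte{"tenant-A": ct},
		domainLogic: map[string]string{"tenant-A": "apply-patch"},
		usage:       usage,
	}
	if err := cm.HandleAuthRequest("tenant-A"); err != nil {
		return nil, false, err
	}
	// Negative check: any party without the private key, here a second usage
	// component with its own key pair, cannot turn the stored blob into a credential.
	other, err := NewCredentialUsageComponent(target)
	if err != nil {
		return nil, false, err
	}
	wrongKeyRefused := other.ExecuteOperation("tenant-A", ct, "apply-patch") != nil
	return target.executed, wrongKeyRefused, nil
}

func main() {
	executed, refused, err := RunScenario()
	fmt.Println(executed, refused, err)
}
```

The point to take from the negative check is the one the claim relies on: the credential manager's storage can be copied by anyone who reaches the first segment, and it is still useless without the private key that never leaves the third segment. In a real deployment the private key would sit in an HSM or platform key store rather than in process memory, and the requestor-bound label (or an equivalent authenticated context) is what stops a blob stored for one tenant from being submitted on behalf of another.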