Data Protection regulations / GDPR imply that personal data retention should be justified by valid reasons.
Once a ticket is processed and closed, there is no longer any need to retain users personal credentials.
It would be ideal to be able to automate deletion of such credentials data either by automation ( so many days after ticket is closed) or have an API endpoint to manage that.