Manage credentials

Use the Credential Vault API to create, delete, search for, and update credentials.

Permissions

By default, all users can create credentials. You are the Credential owner of any credentials that you created. As a Credential owner, you can update, delete, and transfer the ownership of your credentials.

Credential URLS

Create credential
Creates a new credential and configures one or more attributes.
POST http://<your_control_room_url>/v2/credentialvault/credentials
Body parameters:
Field Required Description
name Required New credential name; 50 characters maximum and cannot contain special characters
description Optional New credential description; 255 characters maximum
attributes
name Required New attribute name; 50 characters maximum and cannot contain special characters
description Optional New attribute description; 255 characters maximum
userProvided Required Configures the input type with the following options:
  • If userProvided: true, the value is not preset during creation. Only consumers of the locker containing this credential can provide the value.
  • If userProvided: false, the credential owner enters the value. All consumers see the same attribute value set by the credential owner.
masked Optional Configures whether to mask the value. If masked: false, the value returns as an empty string when called.
passwordFlag Optional Flags the value as a password, which limits its use only to password-type fields. This ensures the value is not printed to plain text application. Commands that support Credential Variables

Response: This response contains information on the credential and its attributes.

{
  "id": "string",
  "name": "string",
  "description": "string",
  "lockerId": "string",
  "ownerId": "string",
  "attributes": [
    {
      "id": "string",
      "name": "string",
      "description": "string",
      "userProvided": true,
      "masked": true,
      "passwordFlag": true,
      "createdBy": "string",
      "createdOn": "string",
      "updatedBy": "string",
      "updatedOn": "string",
      "version": "string"
    }
  ],
  "createdBy": "string",
  "createdOn": "string",
  "updatedBy": "string",
  "updatedOn": "string",
  "version": "string"
}
Create a new credential.
After you have created a credential, to add a standard value see Create a new value to a credential attribute.
Search for credentials
POST http://<your_control_room_url>/v2/credentialvault/credentials/list
Query parameter:
Field Required Description
consumed Optional Filters the returned values to only the credentials that being consumed by the current user.
Body parameters: This request body example includes filters, sorting, and page control to refine the response.
{
  "filter": {
    "operator": "NONE",
    "operands": [
      null
    ],
    "field": "string",
    "value": "string"
  },
  "sort": [
    {
      "field": "string",
      "direction": "asc"
    }
  ],
  "page": {
    "offset": 0,
    "length": 0
  }
}

Filters allow you to refine what is returned in the response body. Read more about filters in Filters in an API request body.

Search for credentials using filters
Get credential by id
GET http://<your_control_room_url>/v2/credentialvault/credentials/{id}
Path parameter:
Field Required Description
id Required Identifies the credential

Response: This response contains information on the credential and its attributes.

{
  "id": "string",
  "name": "string",
  "description": "string",
  "lockerId": "string",
  "ownerId": "string",
  "attributes": [
    {
      "id": "string",
      "name": "string",
      "description": "string",
      "userProvided": true,
      "masked": true,
      "passwordFlag": true,
      "createdBy": "string",
      "createdOn": "string",
      "updatedBy": "string",
      "updatedOn": "string",
      "version": "string"
    }
  ],
  "createdBy": "string",
  "createdOn": "string",
  "updatedBy": "string",
  "updatedOn": "string",
  "version": "string"
}
Update credential properties
As a credential owner, you can change the credential name or description, attribute name or description, input type, value masking, or password flagging.
Note: You cannot update a credential that is already assigned to a locker. You cannot change the credential id, credential owner, attribute value, or locker assignment with this API. Use the following APIs instead:
PUT http://<your_control_room_url>/v2/credentialvault/credentials/{id}
Path parameter:
Field Required Description
id Required Identifies the credential
Body parameters:
Field Required Description
name Required New credential name; 50 characters maximum and cannot contain special characters
description Optional New credential description; 255 characters maximum
attributes
name Required New attribute name; 50 characters maximum and cannot contain special characters
description Optional New attribute description; 255 characters maximum
userProvided Required Configures the input type with the following options:
  • If userProvided: true, the value is not preset during creation. Only consumers of the locker containing this credential can provide the value.
  • If userProvided: false, the credential owner enters the value. All consumers see the same attribute value set by the credential owner.
masked Optional Configures whether to mask the value. If masked: false, the value returns as an empty string when called.
passwordFlag Optional Flags the value as a password, which limits its use only to password-type fields. This ensures the value is not printed to plain text application. Commands that support Credential Variables

Response: This response contains information on the credential and its attributes.

{
  "id": "string",
  "name": "string",
  "description": "string",
  "lockerId": "string",
  "ownerId": "string",
  "attributes": [
    {
      "id": "string",
      "name": "string",
      "description": "string",
      "userProvided": true,
      "masked": true,
      "passwordFlag": true,
      "createdBy": "string",
      "createdOn": "string",
      "updatedBy": "string",
      "updatedOn": "string",
      "version": "string"
    }
  ],
  "createdBy": "string",
  "createdOn": "string",
  "updatedBy": "string",
  "updatedOn": "string",
  "version": "string"
}
Update a credential.
Delete credential
DELETE http://<your_control_room_url>/v2/credentialvault/credentials/{id}
Path parameter:
Field Required Description
id Required Identifies the credential
Response:
Successful delete
Update credential owner
You can transfer any of your credentials to a new owner. If the credential is assigned to a locker, you can transfer the ownership to one of the locker members. If the credential is not assigned to a locker, you can transfer the ownership to any other user in the system. Users with the AAE_Locker role can update the credential owners for any credential in the system.
PUT http://<your_control_room_url>/v2/credentialvault/credentials/{id}/owner/{credentialOwnerId}
URL parameter:
Field Required Description
id Required Identifies the credential
credentialOwnerId Required Specifies the new owner
Response:
Successful update of credential ownership