Manage credentials
- 최종 업데이트2020/05/11
Manage credentials
Use the Credential Vault API to create, delete, search for, and update credentials.
Permissions
By default, all users can create credentials. You are the Credential owner of any credentials that you created. As a Credential owner, you can update, delete, and transfer the ownership of your credentials.
Credential URLS
- Create credential
- Creates a new credential and configures one or more attributes.
-
POST http://<your_control_room_url>/v2/credentialvault/credentials
-
Body parameters:
Field Required Description name
Required New credential name; 50 characters maximum and cannot contain special characters description
Optional New credential description; 255 characters maximum attributes
name
Required New attribute name; 50 characters maximum and cannot contain special characters description
Optional New attribute description; 255 characters maximum userProvided
Required Configures the input type with the following options: - If
userProvided: true
, the value is not preset during creation. Only consumers of the locker containing this credential can provide the value. - If
userProvided: false
, the credential owner enters the value. All consumers see the same attribute value set by the credential owner.
masked
Optional Configures whether to mask the value. If masked: false
, the value returns as an empty string when called.passwordFlag
Optional Flags the value as a password, which limits its use only to password-type fields. This ensures the value is not printed to plain text application. Commands that support Credential Variables - If
-
Response: This response contains information on the credential and its attributes.
{ "id": "string", "name": "string", "description": "string", "lockerId": "string", "ownerId": "string", "attributes": [ { "id": "string", "name": "string", "description": "string", "userProvided": true, "masked": true, "passwordFlag": true, "createdBy": "string", "createdOn": "string", "updatedBy": "string", "updatedOn": "string", "version": "string" } ], "createdBy": "string", "createdOn": "string", "updatedBy": "string", "updatedOn": "string", "version": "string" }
- Create a new credential.
- After you have created a credential, to add a standard value see Create a new value to a credential attribute.
- Search for credentials
-
POST http://<your_control_room_url>/v2/credentialvault/credentials/list
-
Query parameter:
Field Required Description consumed
Optional Filters the returned values to only the credentials that being consumed by the current user. -
Body parameters: This request body example includes filters, sorting, and page control to refine the response.
{ "filter": { "operator": "NONE", "operands": [ null ], "field": "string", "value": "string" }, "sort": [ { "field": "string", "direction": "asc" } ], "page": { "offset": 0, "length": 0 } }
-
Filters allow you to refine what is returned in the response body. Read more about filters in Filters in an API request body.
- Search for credentials using filters
- Get credential by id
-
GET http://<your_control_room_url>/v2/credentialvault/credentials/{id}
-
Path parameter:
Field Required Description id
Required Identifies the credential -
Response: This response contains information on the credential and its attributes.
{ "id": "string", "name": "string", "description": "string", "lockerId": "string", "ownerId": "string", "attributes": [ { "id": "string", "name": "string", "description": "string", "userProvided": true, "masked": true, "passwordFlag": true, "createdBy": "string", "createdOn": "string", "updatedBy": "string", "updatedOn": "string", "version": "string" } ], "createdBy": "string", "createdOn": "string", "updatedBy": "string", "updatedOn": "string", "version": "string" }
- Update credential properties
- As a credential owner, you can change the credential name or description, attribute name or description, input type, value masking, or password flagging.
-
Note: You cannot update a credential that is already assigned to a locker. You cannot change the credential id, credential owner, attribute value, or locker assignment with this API. Use the following APIs instead:
-
PUT http://<your_control_room_url>/v2/credentialvault/credentials/{id}
-
Path parameter:
Field Required Description id
Required Identifies the credential -
Body parameters:
Field Required Description name
Required New credential name; 50 characters maximum and cannot contain special characters description
Optional New credential description; 255 characters maximum attributes
name
Required New attribute name; 50 characters maximum and cannot contain special characters description
Optional New attribute description; 255 characters maximum userProvided
Required Configures the input type with the following options: - If
userProvided: true
, the value is not preset during creation. Only consumers of the locker containing this credential can provide the value. - If
userProvided: false
, the credential owner enters the value. All consumers see the same attribute value set by the credential owner.
masked
Optional Configures whether to mask the value. If masked: false
, the value returns as an empty string when called.passwordFlag
Optional Flags the value as a password, which limits its use only to password-type fields. This ensures the value is not printed to plain text application. Commands that support Credential Variables - If
-
Response: This response contains information on the credential and its attributes.
{ "id": "string", "name": "string", "description": "string", "lockerId": "string", "ownerId": "string", "attributes": [ { "id": "string", "name": "string", "description": "string", "userProvided": true, "masked": true, "passwordFlag": true, "createdBy": "string", "createdOn": "string", "updatedBy": "string", "updatedOn": "string", "version": "string" } ], "createdBy": "string", "createdOn": "string", "updatedBy": "string", "updatedOn": "string", "version": "string" }
- Update a credential.
- Delete credential
-
DELETE http://<your_control_room_url>/v2/credentialvault/credentials/{id}
-
Path parameter:
Field Required Description id
Required Identifies the credential -
Response:
Successful delete
- Update credential owner
- You can transfer any of your credentials to a new owner. If the credential
is assigned to a locker, you can transfer the
ownership to one of the locker members. If the
credential is not assigned to a locker, you can
transfer the ownership to any other user in the system. Users with the
AAE_Locker
role can update the credential owners for any credential in the system. -
PUT http://<your_control_room_url>/v2/credentialvault/credentials/{id}/owner/{credentialOwnerId}
-
URL parameter:
Field Required Description id
Required Identifies the credential credentialOwnerId
Required Specifies the new owner -
Response:
Successful update of credential ownership